MBR Trojan Approaching the 3-Year Mark
bl8n8r writes "Still going strong since February 2006, the 'Sinowal' Master Boot Record infector (also called 'Torpig' and 'Mebroot' by various anti-virus companies) has compromised more than half a million financial accounts. An HTML injection engine adds fields to login pages to compromise credentials. Injection is triggered by the Web addresses — more than 2,700 bank and e-commerce sites are hard-coded into the malware. 'RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks.' The majority of anti-virus and anti-malware scanners do not detect this threat."
Since this thing is understood, it's possible to inject phony credit card numbers into the attack. If law enforcement and a bank worked together on this, they could inject flagged credit card numbers and watch where they were used, then make some arrests. For that matter, a denial of service attack could be made against the attacker by injecting huge numbers of bogus credit card numbers, the use of any of which triggered law enforcement attention.
Maybe when Bush is gone, and the FBI and Justice Department get some decent management, we'll see some action in this area. This is what FBI Baltimore should be doing, instead of sending out child porno and seeing who bites.
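The flagged-number idea in the comment above, sketched as an added example that is not part of the thread: each decoy number carries a keyed tag, so a bank can recognise a planted number at authorisation time without keeping a list of them. The prefix, key, digit layout and function names are assumptions made for illustration.

```python
import hmac
import hashlib

# Assumptions (not from the thread): a constructed placeholder prefix and a
# demo key standing in for a secret held by the bank. Neither is a real value.
DECOY_PREFIX = "999999"
KEY = b"constructed-demo-key"

def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def make_decoy(serial: int) -> str:
    """16 digits: prefix (6) + serial (3) + keyed tag (6) + Luhn digit (1)."""
    body = f"{DECOY_PREFIX}{serial:03d}"
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).digest()
    partial = f"{body}{int.from_bytes(mac[:4], 'big') % 10**6:06d}"
    return partial + luhn_check_digit(partial)

def is_decoy(number: str) -> bool:
    """Recompute the tag from the serial; a guessed number fails this check."""
    if len(number) != 16 or not luhn_valid(number) or not number.startswith(DECOY_PREFIX):
        return False
    return hmac.compare_digest(make_decoy(int(number[6:9])), number)

def flag_transactions(rows):
    """Return (merchant, serial) for each authorisation attempt that used a decoy."""
    return [(merchant, int(pan[6:9])) for pan, merchant in rows if is_decoy(pan)]

# Constructed sample authorisation log: (card number, merchant id)
SAMPLE_LOG = [
    (make_decoy(7), "merchant-A"),
    ("4111111111111111", "merchant-B"),  # common test number, Luhn-valid but not a decoy
    (make_decoy(42), "merchant-C"),
]

if __name__ == "__main__":
    print(flag_transactions(SAMPLE_LOG))
```

The serial ties each hit back to where that particular decoy was planted, which is what lets an investigator tell which collection point a stolen number passed through.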
'RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks.'
Yet people still look at me like I'm a cave man when I refuse to do online banking...
---
"I can't complain, but sometimes still do..." Joe Walsh