Tigger.A Trojan Quietly Steals Stock Traders' Data
**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-066 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan extracts its rootkit on the host using a key that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode. "Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles ... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might ... lead to all invaders getting booted from the host PC."
more effective than the antivirus I use today
Nullius in verba
Does it make your computer bounce up and down on its tail too?
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
I thought the most wonderful thing about Tiggers was that there was only one of them
Stocks are going down. Don't buy stock.
So basically somebody needs to take out that whole "stealing your data" part from this worm and re-release it back into the wild and it would be a good thing?
Yes Francis, the world has gone crazy.
..does it run on Linux?
sudo mount --milk --sugar
Attacks like this, namely single vector and single target, point to a single person or small number of persons who have found some way of using the data to profit themselves. We're probably looking at someone in their late 20s, based in the United States (cursory examination -- appears the institutions are all English and based in the US), upper middle class, 5-7 years experience programming (self-explanatory), single, male, and with a history of mental health disorders along axis IV, socially under-developed (the two are usually related, and most white-collar criminals have mental health disorders but are still highly intelligent), and likely recently became unemployed and is trying to maintain his upper-middle class income.
Forget tracing back through the network -- find out where the money is going. You have a many-to-one relationship, it's unlikely this guy is smart enough to launder money effectively -- the entire attack scenario points to someone new and inexperienced, and is acting alone hoping this will reduce his risk exposure. The differential is the profile above -- find someone who was recently in debt, and is now very much out of debt.
Have fun.
#fuckbeta #iamslashdot #dicemustdie
It is time for online financial institutions (brokerages and banks) to require real 2-factor authentication to log in to their sites. When I sign up for a bank account, I want them to mail me an ATM card with an embedded smartcard chip, along with a cheap USB smartcard reader. Alternatively, send a one-time-passphrase device like SecurID.
This may be a little expensive up front, but it would cut down on enough fraud that it might pay for itself.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Interestingly the Tigger trojan actually goes to the trouble of removing other more 'intrusive' malware that Anti-malware products currently detect in order to keep a low profile.
This makes me wonder just how widespread it could be.
If only there were a similar piece of malware in direct competition with this particular trojan such that both would attempt to remove the other and successfully do so.
It is interesting how malware is adapting so that not only is it able to spread more quickly to a larger number of machines, but also that it's attempting to increase its lifespan by killing off other malware so that the host may not notice that it's infected. I wonder how long it will be until a particular program updates a virus definition list or something similar to remove all other competing malware programs as they come into existence. Also, how much better will the malware be at quickly patching machines against new zero-day exploits than actual virus scanning and prevention software?
...nothing of value was lost.
**$tarDu$t** also recommends David Bowie's Station to Station for a complete botnet soundtrack.
Slartibartfast:"Is that your robot?"
Marvin:"No, I'm mine."
Version 2.0 won't just steal data. It'll make trades. Aside from the obvious theft possibilities, the controller would have the ability to create his very own economic meltdown, in any companies he wished, limited only by the size of his botnet...
It would be nice if they had a list of Antivirus programs that were effective and/or operating systems affected, nice and prominent somewhere linked from the article.
FYI, from the security bulletin:
Affected software:
XP Service Pack 2 & 3
XP Pro x64 and x64 Service Pack 2
Server 2003 Service Packs 1 & 2
Server 2003 x64 and x64 Service Pack 2
Server 2003 with SP1 and SP2 for Itanium
Non-affected:
Win2K SP 4
Vista & Vista SP1
Vista x64&SP1
Server 2008 32
Server 2008 x64
Server 2008 Itanium
--- Thousands are enslaved every day.
you just described the entire slashdot demographic
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Forget tracing back through the network -- find out where the money is going. You have a many-to-one relationship, it's unlikely this guy is smart enough to launder money effectively
When you are talking about stocks, laundering the money is easy. Simply buy some options in a particular stock with your own money and have your botnet purchase that stock with other people's money. If your botnet makes the trades quickly enough (it probably will) the stock's price will go up and the value of the options will follow exponentially. Sell the options near the top and reap the rewards.
They will never find this person among all of the trades on Wall Street.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
you nailed the whole "socially under-developed" bit, since you just responded with great seriousness to a throwaway joke
"the one who is making all of the feverish accusations usually is the culprit"
<sunglasses/>
YEAAAAAAHHHHHHH
I wonder if how the virus was spread could give clues to "who knows who"? IE: Did all the machines infected at Scottrade start from a single intrusion, or was there some type of sharing of data between Scottrade and TD Ameritrade? Not necessarily illicit, but seeing formal and informal alliances.
All the focus here is on the AV finding the rootkit. Everyone forgets that if they had kept the machine updated, the rootkit or virus would not have been able to infect the machine in the first place. AV is a second layer of defense. MS Windows machines should be set up to update automatically. MS released the fix for the vulnerability this rootkit took advantage of a month or two before the rootkit was released.
they give you a little red dongle, and every time you log in, you have to enter a 6 digit number you read from the dongle's screen after pushing its button
it's annoying because I'm always misplacing the dongle
but every time I hear a story like this one, I begin to appreciate the extra effort
and that's really why you don't see more widespread adoption of things like this dongle: people favor convenience over security. I can see plenty of people whining about the dongle and banks worrying about losing customers
of course, one of these days we're going to have an Armageddon-level identity theft event, and then we'll all be using 3 factor authentication. humanity is lazy and shortsighted until it's too late
I don't see why they couldn't make the second factor elective rather than mandatory though, for security minded folks like yourself. it would be a customer relations boon for a small subsection of banking customers. it's just a shame that you really only represent a minority interest
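The push-button dongle in the comment above, and the SecurID-style one-time-passphrase device proposed earlier in the thread, are event-based one-time passwords. What follows is an added example, not code from the article or from any poster: an implementation of HOTP (RFC 4226) together with the server-side check a brokerage would run. The secret is the RFC's own test key (so the values can be checked against Appendix D of the RFC); the look-ahead window of 5 and the `HotpVerifier` class are assumptions made for illustration, and the example goes one step beyond the comment by showing why the server must track a counter: a code that has been accepted once is rejected on replay.

```python
"""Added example: HOTP (RFC 4226) token and server-side verifier."""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
# A real deployment provisions a random per-token secret; this one is
# used here only so the output can be checked against the RFC.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the HOTP value for a secret and an 8-byte big-endian counter.

    HS = HMAC-SHA1(K, C). Dynamic truncation takes the low nibble of the
    last byte as an offset, reads 4 bytes there, masks the top bit, and
    reduces modulo 10^digits (zero-padded), exactly as the RFC specifies.
    """
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Server side of the scheme: tracks the next expected counter per token.

    The look-ahead window (an assumed value) tolerates button presses whose
    codes were never submitted. Accepting a code moves the counter past it,
    so a captured code cannot be replayed, and an older skipped code is
    rejected as well. compare_digest avoids a timing side channel.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5, digits: int = 6):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead
        self.digits = digits

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, code):
                self.counter = c + 1
                return True
        return False


def demo() -> list:
    """Run a sequence of logins through one verifier; returns the decisions."""
    v = HotpVerifier(RFC_TEST_SECRET)
    results = []
    results.append(v.verify(hotp(RFC_TEST_SECRET, 0)))   # fresh code: accepted
    results.append(v.verify(hotp(RFC_TEST_SECRET, 0)))   # replay: rejected
    results.append(v.verify(hotp(RFC_TEST_SECRET, 3)))   # two presses skipped: accepted
    results.append(v.verify(hotp(RFC_TEST_SECRET, 1)))   # stale skipped code: rejected
    results.append(v.verify(hotp(RFC_TEST_SECRET, 20)))  # far beyond window: rejected
    return results


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC_TEST_SECRET, c))
    print(demo())
```

A token that is "misplaced" and found by someone else still needs the user's password (the first factor), and a code sniffed from a compromised PC is useless once the legitimate login has consumed it; that second property is what the counter bookkeeping above buys, and it is why the server, not just the dongle, has to hold state.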
-OR-
Investors, having heard that Obama has the successful in his cross hairs and intends to seize the fruits of their labor and give it to the unsuccessful in the name of fairness, are panicking.
Don't you mean the fruits of other people's labor. Last time I checked investors don't actually produce anything.
You mean the record-low unemployment and explosive economic growth years
Rofl...are you kidding? Explosive economic growth due to unregulated markets ballooning into a giant bubble? This is just like putting rocket boots on all the wolves in the forest and then acting surprised when all the deer have been eaten, and now the wolves are somehow starving to death.
I don't know where you got that bullshit about democrats forcing banks to loan to poor people. Banks did this intentionally and voluntarily, because they had bad statistical models that told them housing prices would go up forever, and they marketed bad (likely to foreclose) mortgage products, and they sold mortgages with little or no accurate risk data (ie: realtors/banks were lying about buyer salaries). Congress, let alone a democratic congress, had nothing to do with "forcing" this on banks...
Because it took all of 1.5 years for the Democrats to legislate to the banks "give billions upon billions of dollars to people in ill financial health!"
You know, because we wouldn't have heard that being pushed through and soundly destroying the economy in only several months, right?
These sub-prime loans started well before the Y2K bug was due to hit, my friend.
Haha. That's amusing.
A non-idiot would be able to see that this current... dilemma is a lot longer-standing than 3 years. The problem is, banks were getting better at making bad loans and milking them as long as they could.
See the earlier story regarding the formula. It let them do the things that they had been doing, but better (and most importantly, longer).
Took a lot longer than 3 years to bring down an economy.
And, by the way, foreclosures (as a rule) are because of unexpected expenses (medical) or loss of job. Not some BS about forcing lenders' hands.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
with...
VisualAnalytics, too:
http://www.visualanalytics.com/
I wouldn't be surprised if THIS is the program that the NY Times(?) reporter "outed", infuriating the Bush.
Only thing is, I'VE been curiously and with excitement (database freaky) casually observing VisualAnalytics since, oh, about 1999 or maybe 2000. So, if this program is The One, and if the Bush had ANY thing to do with getting that NYT reporter into legal/judicial trouble, then somebody should bitch-slap him and his minions, since VA existed before the Patriot Act was published, much less drafted.
Anyway, that trader or group of tech-savvy traders better watch out, whether or not they knew/know of VA. VA purportedly has tools to do JUST the sort of forensic sniffing of some or many of the activities you posit this guy/group might have engaged in to try to cover their tracks.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Man, that's just unethical. What's the world coming to?
But look on the bright side - even though honour among thieves is gone, at least the banking world lives on.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Standard of living partially afforded because of social services enacted by corporates and upper class people who knew what they had to fear the most: an angry working class. I wonder whether they still remember.
Microsoft isn't exactly the most trustworthy when it comes to automatically installing anything they want on your computer, which is what you suggest. There doesn't seem to be a checkbox for "only fix security flaws" in Windows Update. I find I still have to sift through the options manually.
Is it just my observation, or are there way too many stupid people in the world?
seeing as the submitter didn't link it (or the 'editors' removed it?)
http://www.microsoft.com/technet/security/bulletin/MS08-066.mspx
Just to note from that security bulletin:
Published: October 14, 2008
Updated: January 13, 2009
This has already been patched for some time. Yes, I know, some are wary of installing patches in case they bring on some other issues, so one word of warning: if you use ZoneAlarm (by jove, why? WHY WHY WHY??), be sure to read the 'list of known issues after applying this patch':
http://support.microsoft.com/kb/956803
And the only reason the worker has their job and livelihood in the first place is due to Mr. Investor and Mr. CEO, etc.
If you don't like that system, feel free to start a co-op.
Attacks like this, namely single vector and single target, point to a single person or small number of persons who have found some way of using the data to profit themselves. We're probably looking at [description of nerd deleted]
ORLY?
Sounds more to me like a "Spear Phishing" operation - in this case espionage against financial institutions.
Spear-phishing has been used by detective agencies for corporate espionage before. But the tie-in to an existing piece of malware, the highly-developed stealth and anti-competition code, and the targeting of financial information, sounds to me more like the multi-billion-dollar organized crime malware operations than a single operator.
These groups also have the resources to make use of the sort of information gathered by this tool to suck billions into their own pockets by market manipulation, in addition to the outright theft you'd expect from a single, unconnected, nerd.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So much for the ethic of graciously accepting criticism and trying to improve yourself. I guess you prefer the option that entails fostering further ignorance so that you can feel better about yourself.
So what's your excuse for failing to close your "blockquote" element? You can't spell, promote ignorance in others, *AND* you mark up for shit?
I don't buy the whole "not his last will and testament" argument either. You try to do things well even when it matters least so that when it does matter, it is easier to excel from practice.
After all, you don't always know when it'll matter. It's like always using your turn signal even when you don't see anyone else there. If you always saw them (and they, you), there wouldn't be a point to turn signals, would there? It's perhaps those times you don't realize are important that matter most.
Sadly, the answer is again no. I'm beginning to think that we will never see the year of Linux on the desktop at this rate.
I've even installed Internet Explorer 6(ies4linux), and not a single drive-by install was successful, but at least attempts were made. *sigh*
Hell, I've even tried getting some of the latest malware to run with WINE, but no such luck.(did see some fascinating garbled screen effects and some bizarre error messages though!)
Won't someone think of the penguins?
*sarcasm off*
This is one aspect of moving away from MS that I do not miss; running system hogging anti malware software, scanning my computer for infections, updating numerous apps individually, etc.
I don't know how long *nix will stay under the RADAR of malware authors, but I'm enjoying it while I can!!
This malware is getting more harmful(money-wise), sneaky, nefarious, and organized at an alarming rate. I'm afraid to imagine how nasty it will be when they do finally take aim at the Apple and *nix computers online.
That's one of the reasons that I stay current on all of the latest and greatest of this crap. If (or when?) I do have to deal with any of this stuff, I will at least have a clue.
Another reason is:(hangs head in shame)my wife refuses to be converted to *nix. She has to run MS software at work, and wants to stick with what she was trained and works in, although I frequently find her playing Monkey Bubble, and several other games on my Kubuntu Hardy PC!
But I guess only one Windows PC out of the six on my home network isn't too bad. I've only had to clean one bunch of malware off of it about two years ago when a friend of ours was visiting, and while we were visiting, her 17 year old daughter was using it online. But that has been the only problem with it.
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Your sentences were so poorly constructed that I had to read them several times over just to garner what possible meaning you were trying to express. And you say a lot of things that are, well, plain stupid ('A little news for you/some FYI' says the same thing and needs no emphasis, why repeat it? Also, 'etc. et al' is just redundant at best).
I agree that perfect grammar is not important when what you write conveys the message you intend it to convey. But even by that measure you need to educate yourself on sentence construction. Until you master the basics of grammar, fighting on a grammatical front is just fighting out of ignorance.
Let me summarise my point for your small brain. It is not the occasional annoyance of grammarians that annoys slashdotters about ACs. It is the people who speak out of ignorance - particularly the argumentative ones.
Hey, that's "good" malware! It gets rid of all those nasty popups, where can I get myself infected?
(don't laugh. It just ain't funny)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yeah, I know, I could run Linux for a lot cheaper and avoid all the Windows virus business also. But for the average user who wants things to *just work* it seems pretty clear that the time saved in not having to deal with crap like this is certainly a good reason to avoid Windows.
Or you could just turn on your firewall and keep your machine up to date.
1 1 2 3 5 8 13 21 34 55 89 144 233 377 610 987 1597 2584 4181 6765
As opposed to bankers, who don't even invest in the production, but only parasite off it.
Your lack of experience disturbs me.
4 years of programming? I think many of us reached 4 years before the age of 10.
"Caught 2 people on site who attempted to access information without authorization..." gee that means your firm didn't do a good job after the first person.
Classified, schmlassified. One could work with DEA or NSA, SAIC or LANL, and still be doing classified work. Let's be honest: that doesn't mean it's important. Everybody and his brother has had a TS/SI clearance, bucko. Don't embarrass the real professionals who don't go around trying to impress people on Slashdot.
AC
These two AC's are owning you pretty hard dude, but I just had to point out that writing poorly is *not* a "writing style".
What indemnification do the brokerages and their customers get in cases such as this?
I agree that "investors" have allowed the companies they invested in to produce the US middle class but there are no "investors" in today's stock market, only "traders" and traders produce wealth only for themselves (maybe). All a trader does is bet he can find some sucker to buy some crap he bought for more money than he paid for it. The exact nature of the crap is irrelevant.
"We're probably looking at someone .. 5-7 years experience programming"
..
I doubt that the people who wrote the rootkit are the ones benefiting from it; more likely it was outsourced. As to how you tell all this from the linked article, maybe you should be doing psychic readings on the television
This might be stretching things a bit, but might we see a parallel evolutionary pattern at work here? The first malware started out in a purely parasitic mode, using host resources without regard to the health of the host. We are now seeing the emergence of less-virulent malware (at least with regard to computer resources, not necessarily less virulent with regard to impact on victims).
Might we soon discover malware that is even less virulent, and possibly even symbiotic, in terms of providing side *benefits* to those infected? Conceivable circumstances might involve a trojan that is purely for setting up a botnet, with the trojan payload aggressively cleaning the host system and entailing no more negative impact on the victim than the loss of bandwidth and CPU capacity when the botnet is being actively used...
Just curious where this might all lead.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."