Slashdot Mirror
Tigger.A Trojan Quietly Steals Stock Traders' Data
**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-66 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode. "Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles ... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might ... lead to all invaders getting booted from the host PC."
more effective that the antivirus I use today
Nullius in verba
Does it make your computer bounce up and down on its tail too?
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
I though the most wonderful thing about Tiggers was that there was only one of them
Nullius in verba
Stocks are going down. Don't buy stock.
..does it run on Linux?
sudo mount --milk --sugar
Benevolent worms are a perennial suggestion in computer security, and the conclusion is always no no no no.
Attacks like this, namely single vector and single target, point to a single person or small number of persons who have found some way of using the data to profit themselves. We're probably looking at someone in their late 20s, based in the United States(cursory examination -- appears the institutions are all english and based in the US), upper middle class, 5-7 years experience programming (self-explanatory), single, male, and with a history of mental health disorders along axis IV, socially under-developed, (the two are usually related, and most white-collar criminals have mental health disorders but are still highly intelligent) and likely recently became unemployed and is trying to maintain his upper-middle class income.
Forget tracing back through the network -- find out where the money is going. You have a many-to-one relationship, it's unlikely this guy is smart enough to launder money effectively -- the entire attack scenario points to someone new and inexperienced, and is acting alone hoping this will reduce his risk exposure. The differential is the profile above -- find someone who was recently in debt, and is now very much out of debt.
Have fun.
#fuckbeta #iamslashdot #dicemustdie
It is time for online financial institutions (brokerages and banks) to require real 2-factor authentication to log in to their sites. When I sign up for a bank account, I want them to mail me an ATM card with an embedded smartcard chip, along with a cheap USB smartcard reader. Alternatively, send a one-time-passphrase device like SecurID.
This may be a little expensive up front, but it would cut down on enough fraud that it might pay for itself.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Interestingly the Tigger trojan actually goes to the trouble of removing other more 'intrusive' malware that Anti-malware products currently detect in order to keep a low profile.
This makes me wonder just how widespread it could be.
If only there were a similar piece of malware in direct competition with this particular trojan such that both would attempt to remove the other and successfully do so.
It is interesting how malware is adapting so that not only is it able to spread more quickly to a larger number of machines, but also that it's attempting to increase its lifespan by killing off other malware so that the host may not notice that it's infected. I wonder how long it will be until a particular program updates a virus definition list or something similar to remove all other competing malware programs as they come into existence. Also, how much better will the malware be at quickly patching machines against new zero-day exploits than actual virus scanning and prevention software?
...nothing of value was lost.
Version 2.0 won't just steal data. It'll make trades. Aside from the obvious theft possibilities, the controller would have the ability to create his very own economic meltdown, in any companies he wished, limited only by the size of his botnet...
It would be nice if they had a list of Antivirus programs that were effective and/or operating systems affected, nice and prominent somewhere linked from the article.
FYI, from the security bulletin:
Affected software:
XP Service Pack 2 & 3
XP Pro x64 and x64 Service Pack 2
Server 2003 Service Packs 1 & 2
Server 2003 x64 and x64 Service Pack 2
Server 2003 with SP1 and SP2 for Itanium
Non-affected:
Win2K SP 4
Vista & Vista SP1
Vista x64&SP1
Server 2008 32
Server 2008 x64
Server 2008 Itanium
--- Thousands are enslaved every day.
you just described the entire slashdot demographic
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I'm okay with this worm stealing data so long as it put a little more effort into it: you know, it could introduce itself as Prince Leta Matobo living in exile in Ghana, spend some time building up a rapport, and then start making suggestions about making billions of dollars using 100% guaranteed modalities.
This automated stealing of data is just bullshit.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
you nailed the whole "socially under-developed" bit, since you just responded with great seriousness to a throwaway joke
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
It's only illegal if your name isn't SONY or BMG. If your name IS SONY or BMG, you simply need to deposit two iTunes songs on the machine, and you're held harmless.
help me i've cloned myself and can't remember which one I am
I wonder if how the virus was spread could give clues to "who knows who"? IE: Did all the machines infected at ScottTrade start from a single intrusion, or was there some type of sharing of data between ScottTrade and TD Ameritrade? Not necessarily illicit, but seeing formal and informal alliances.
"If you must have crime, at least it should be organized crime..."
Attributed to the Patrician of Ankh-Morpork
No sig for the moment.
-OR-
Investors, having heard that Obama has the successful in his cross hairs and intends to seize the fruits of their labor and give it to the unsuccessful in the name of fairness, are panicking.
Don't you mean the fruits of other people's labor. Last time I checked investors don't actually produce anything.
Man, that's just unethical. What's the world coming to?
But look on the bright side - even though honour among thieves is gone, at least the banking world lives on.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Microsoft isn't exactly the most trustworthy when it comes to automatically installing anything they want on your computer, which is what you suggest. There doesn't seem to be a checkbox for "only fix security flaws" in Windows Update. I find I still have to sift through the options manually.
Is it just my observation, or are there way too many stupid people in the world?