Trojan Pilfers Thousands of Classified Bank Data

Trojan Pilfers Thousands of Classified Bank Data

A Trojan horse launched by a sophisticated group of cybercrooks was able to make its way to bank'computer systems, stealing thousand of online bank account log-ons as well as credit card information.


The Sinowal Trojan, otherwise known as Mebroot and Torpig, was traced back by researchers at RSA Seurity to a drop server consisting of the filched data. The researchers were able to detect a sample of the Trojan which they then tracked to the drop server. The Sinowal downloader  was described by RSA as ‘one of the most advanced pieces of crimeware ever created.' It managed to breach 270,000 banking accounts and 240,000 credit and debit cards since it was first characterized in February 2006.



The group who devised the attacks was first disguised as a business. Sean Brady, the product marketing manager for RSA's ID and access assurance group, said "We see some evidence that they have employed some practices that you may normally find in businesses that maintain high availability [of IT].  They're using some redundancy, some backup effort for the data. They've clearly invested in this."



Sinowal preyed on hundreds of thousands of PCs across the world throughout its entire run. It was carried out to dupe users into entering their address to an online bank, credit card company site or other financial URL. It then replaces fake data in exchange of the real ones. The Trojan is triggered by over 2,700 specific Web addresses, a much larger number compared to other codes.