Tuesday, January 13, 2009

Sinowal trojan: Three years old and just plain nasty

Sinowal is a dangerous piece of malware. Security analysts are just beginning to realize how much so. That’s because the Sinowal trojan is unique in its attack vector, and we need to understand what’s different about it.

“We recently discovered that, dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts as well as a similar number of credit and debit cards. Other information such as email, and FTP accounts from numerous websites, have also been compromised and stolen.”
- RSA FraudAction Research Lab

“How can Mebroot/Sinowal do their dirty work without a malicious component? Well, because Sinowal controls the boot sequence, it can inject the malicious code into legitimate Windows Components. It will hook key functions that the Internet Explorer will use to do its day-to-day job like sending and receiving encrypted data. Yes, you are right. Mebroot/Sinowal does have full control over the encrypted data stream as it has access to it before it will be encrypted and after it has been decrypted.”
- TrustDefender Labs

Read the whole article by Michael Kassner HERE

No comments: