[lotuseclat79]

Stealthy Trojan Swipes Bank Log-ins, Financial Data From Thousands.

RSA FraudAction Research Lab reported finding a treasure trove of financial data stolen by the Sinowal Trojan. The Trojan uses rootkit functionality to infect a PC's master boot record, allowing it to slip by malware defenses. The Trojan has stolen roughly 300,000 bank log-ins, as well as a similar number of credit and debit card numbers and related personal information.

Quote:

The Trojan horse contains rootkit elements that infect a PC's master boot record (MBR), allowing it to slip past malware defenses. Once downloaded, Sinowal uses an HTML injection feature to inject new Web pages or information fields into the victim’s Web browser. When a user tries to visit one of the 2,700 domains, the fake site pops up instead and prompts the user for log-in or financial information.

RSA described it this way in a blog post: “Even though a prompt like this is not a novel approach to stealing credentials and other information – what struck us the most was the amount of URL "triggers" that cause Sinowal to actually launch this prompt and other functions: Sinowal is triggered by more than 2,700 specific URLs, which means that this Trojan quickly moves into action when users access the websites of what are now hundreds of financial institutions worldwide.”

The compromised data belongs to customers of hundreds of financial institutions from around the world, including the United States, Canada, France, U.K., China and elsewhere.

This is one reason why I prefer never to do any financial transactions online! I perfer to trust humans rather than computer software (being a system software engineer myself).

-- Tom

[mrss]

Scary article, but it appears many AV programs can detect if the trojan was there.
http://www.wilderssecurity.com/showthread.php?t=197323

Some websites say that if one runs Vista with UAC enabled, the trojan can't get sufficient permission to write the MBR.

DIsclaimer: I only know enough about security to be scared.