20 August 2017
Ted Egan - ThreatMetrix Inc.

The nastiest ebanking trojan just got nastier

14 July 2009

For too long now, the perpetrators of malware have been getting away with targeting our banking sector. Each time we think we are getting somewhere, they seem to be one step ahead, gradually raising the bar in this arms race.

On Friday, my team at TrustDefender Labs released a report on one of the nastiest pieces of malware, which has just become even nastier. You may think that some of the older malware is bad enough, but the bad guys have released a new version of one of the most highly successful e-banking Trojans, this time with major enhancements. And the 'bad news' is that they changed the lot!

Basically, these guys have been busy over the last few months with a new version of Mebroot/Sinowal/Torpig that performs the same tasks and does the same badness as the previous versions (for more information see www.trustdefender.com/blog). The big difference is that this Trojan hides in the system more stealthily than ever before, to make sure it can:

1.    infect your system without you knowing

2.    collect as much information as possible and

3.    stay there undetected as long as possible

To reiterate in plain English: everything that was previously written on how to detect Mebroot/Sinowal/Torpig is now invalid and doesn’t apply anymore… No rg4sfay file in Windows\temp anymore, no reference to \!win$… No detection with GMER’s special mbr.exe program, and GMER itself only lists a couple of detached threads… Nothing really suspicious…

The troubling issue is that the research team found that this new version has the most exhaustive list of banking and broking websites they have seen, with virtually all major financial institutions in the UK, Australia, the USA, Spain, Italy, Germany and more. Interestingly, more and more non-bank websites are part of this list, like partycashier.com (online payments for a popular poker site) and government sites like pay.gov (electronic payments to the US Govt).

The challenge now for the 'good guys': when will they catch up, and can they stop this nasty e-banking Trojan?