Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Malware steals log-on data to accounts
NEW YORK (11/7/08)--The log-ons to more than a half million bank, credit and debit card accounts have been stolen over the past two-and-a-half years by a single cyber crime group using a Trojan horse spyware that "morphs" to avoid detection. News Now could not determine whether these included credit union members' accounts. Researchers at RSA Security Inc.'s FraudAction Research Lab discovered the stolen data while they were tracking the Sinowal Trojan horse, also known as Mebroot and Torpig. They tracked the spyware to a drop server that contained the stolen data (Computerworld Oct. 31). RSA investigators found more than 270,000 online banking account credentials, plus about 240,000 credit and debit account numbers and other personal information lifted from Microsoft Windows PCs (WashingtonPost.com Oct. 31). According to Sean Brady, product marketing manager at RSA's ID and access assurance group, the length of time the spyware has been maintained by a single group and the scale of the theft is "very unusual." The Trojan horse malware has been active since at least February 2006. Once on a system, the malware waits for the user to enter the address to an online bank, credit card company site or another financial URL. It then substitutes a fake address. The malware is triggered by more than 2,700 specific Web addresses, a much larger number than other Trojan horses, said Brady. The fake sites collect the log-on usernames and passwords to banks and other financial institutions. They trick users into disclosing information legitimate financial institutions would never collect online, such as Social Security numbers. They transmit the pilfered data to the drop server. RSA Security said it suspected the group responsible is based in Russia. The malware was distributed globally, but Russia was the one region that had no infections.
Other Resources

RSS print
News Now LiveWire
Speeches by @billcheney, @RepMikePompeo only part of @TheKCUA's annual meeting http://t.co/KTuun9yaLX
17 hours ago
The Mass. #CreditUnion League Wednesday held a Q&A session with Mass. Banking Commissioner David Cotney.
18 hours ago
Stay tuned for News Now as technical difficulties are addressed.
21 hours ago
Looking for a summer vacation savings account? @GOBankingRates has a #creditunion for you. http://t.co/PCCifO7q62
22 hours ago
.@wichitaeagle highlights #MidAmerican #CreditUnion in Wichita and how it focuses on members w/a personal touch http://t.co/Ut3oUWUCkl
22 hours ago