News Now

CU System
Malware steals log-on data to accounts
NEW YORK (11/7/08)--The log-ons to more than a half million bank, credit and debit card accounts have been stolen over the past two-and-a-half years by a single cyber crime group using a Trojan horse spyware that "morphs" to avoid detection. News Now could not determine whether these included credit union members' accounts.

Researchers at RSA Security Inc.'s FraudAction Research Lab discovered the stolen data while they were tracking the Sinowal Trojan horse, also known as Mebroot and Torpig. They tracked the spyware to a drop server that contained the stolen data (Computerworld Oct. 31).

RSA investigators found more than 270,000 online banking account credentials, plus about 240,000 credit and debit account numbers and other personal information lifted from Microsoft Windows PCs (WashingtonPost.com Oct. 31).

According to Sean Brady, product marketing manager at RSA's ID and access assurance group, the length of time the spyware has been maintained by a single group and the scale of the theft is "very unusual." The Trojan horse malware has been active since at least February 2006.

Once on a system, the malware waits for the user to enter the address to an online bank, credit card company site or another financial URL. It then substitutes a fake address. The malware is triggered by more than 2,700 specific Web addresses, a much larger number than other Trojan horses, said Brady.

The fake sites collect the log-on usernames and passwords to banks and other financial institutions. They trick users into disclosing information legitimate financial institutions would never collect online, such as Social Security numbers. They transmit the pilfered data to the drop server.

RSA Security said it suspected the group responsible is based in Russia. The malware was distributed globally, but Russia was the one region that had no infections.