Tuesday, November 4, 2008

Undetectable data-stealing trojan nabs 500,000 virtual wallets

RSA issued a report earlier this week confirming the enormous threat posed to all internet users by the "Sinowal" trojan (a.k.a. "Torpig" and "Mebroot"). This insidious agent is virtually undetectable, infecting a user's PC regardless of antivirus and other defenses, thanks to a steady stream of variants and a highly advanced design. Once on your system, it waits for you to visit a banking site or any of its other 2,700+ trigger sites, then injects additional information fields designed to capture the personal data needed for identity theft. The gathered credentials are well organized and sent discreetly off to the criminal servers.

[RSA] recently discovered that, dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts as well as a similar number of credit and debit cards. Other information, such as email and FTP accounts from numerous websites, has also been compromised and stolen.

The trojan is downloaded automatically through websites that exploit vulnerabilities in Windows or third-party applications, and doesn't require any action or 'acceptance' by the user to install. What's worse is that, once installed:

About the only remedy for victims fortunate enough to learn they are contaminated is to reformat their hard drive and reinstall their operating system.

So, here's a trojan that your standard defenses won't catch, and which can't be eradicated short of reformatting your system. This is exactly the reason we designed SafeCentral as a "Reverse Sandbox" solution. The security industry battles the criminals every day, but no defense system is perfect; nothing is 100% effective at stopping every infection. Also, no one wants to erase all of their data and start from scratch by reformatting their drive. So, what is a user to do when presented with an easy-to-catch, difficult-to-block, and almost-impossible-to-erase evil bug like this? Use SafeCentral!

SafeCentral keeps the URLs you enter private, thereby eliminating the 'trigger' event for this trojan, and SafeCentral's secure DNS and anti-keylogging/anti-screen-scraping protect your data from exposure. SafeCentral is the only way a PC user who might come in contact with a Sinowal variant can transact safely online.