RSA FraudAction Research Lab has discovered login information for around 300,000 online bank accounts and 250,000 credit- and debit-card accounts, gathered by a cybercrime gang over the past three years using the Sinowal Trojan.
The account information has been stolen since at least February 2006, uninterrupted, and includes email and FTP accounts, according to RSA."This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," according to a blog posted on Friday by RSA, EMC's security unit.
The Sinowal Trojan infects a computer without the owner's knowledge, surreptitiously planting itself onto a computer while the owner is surfing the web, in an attack dubbed a 'drive-by download'. The malicious code is typically hidden on less familiar websites, often related to porn or gambling, but can also be found lurking on legitimate websites, said Sean Brady, manager of identity protection at RSA.
The Trojan is programmed to execute when the victim visits a particular banking or financial website; it is triggered by more than 2,700 specific URLs, according to RSA. The malware then inserts additional fields into the victim's browser, prompting the victim to type in information such as their PIN and Social Security number, which the website itself does not ask for.
The company has alerted law-enforcement bodies and has provided the compromised account information to the financial institutions involved, Brady said in an interview on Thursday.
Find out how our patented technology can empower your financial institution.
Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)
There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.
Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ugcc2grwK_H0IrV90bMV5YlaPzJ_dIWX9wOvCRf7dgc8IEnoW68lnnYbSWh3-wka4TE71gHepEdG-y7GKd-vrjx8zo_Vdg2Yma7E0serG0dVuXXxyzPDlZPSOZi0uqB9IMZCnl9Cx7k-2i4kh_XvA=s0-d)
0 comments