
Torpig (Sinowal/Mebroot) Trojan Just Got Nastier for eBanking

Posted by John B. Frank Monday, July 20, 2009

Here is yet more alarming e-vidence, and another reason not to trust the web when it comes to either e-banking or e-payments. ALL financial transactions MUST be done OUTSIDE the web browser. Yesterday, in a post entitled "Online Banking Data Fed to the Phishes", there was a quote which, in no uncertain terms, sums up the potential for "creating a large-scale secure transaction system on the web." Here's another quote from the same article:

"Internet banking experts say without coordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters."

So, based on those two statements of fact, it would seem that we need to replace "typing" with "swiping." The hackers are getting better, and the "type" system we use is an "ideal" format for them.

But it gets nastier, as we learn from the Finextra blogs:

The nastiest ebanking trojan just got nastier

On Friday, the team at TrustDefender Labs released a report on one of the nastiest pieces of malware, which has just become even nastier.

Now you may think that some of the older malware is bad enough, but the bad guys have released a new version of one of the most highly successful e-banking Trojans, this time with major enhancements. And the 'bad news' is that they changed the lot!

Basically, these guys have been busy over the last few months with a new version of Mebroot/Sinowal/Torpig that performs the same tasks and does the same badness as the previous versions (for more information see www.trustdefender.com/blog); however, the big difference is that this Trojan is hiding in the system with better stealth than ever before, to make sure:

1. it can infect your system without you knowing
2. collect as much information as possible, and
3. stay there undetected as long as possible


To reiterate in plain English: everything that was previously written on how to detect Mebroot/Sinowal/Torpig is now invalid and doesn't apply anymore. No rg4sfay file in Windows\temp anymore, no reference to \!win$. No detection with GMER's special mbr.exe program, and GMER itself only lists a couple of detached threads. Nothing really suspicious.

The troubling issue is that the research team found this new version and noted it has the most exhaustive list of banking and broking websites they have seen, with virtually all major financial institutions in the UK, Australia, USA, Spain, Italy, Germany and more.
But interestingly, more and more non-bank websites are part of this list, like partycashier.com (the online payment site for a popular poker site) and government sites (FED to the Phishes) like pay.gov (electronic payments to the US Govt).

The challenge now for the 'good guys': when will they catch up, and can they stop this nasty e-banking Trojan?

Editor's Note: Yeah, just "stop typing." Trojans work because people are still inexplicably "typing" their Primary Account Number (PAN) or online banking authentication credentials (username/password) into boxes on websites.

Until they start swiping, we will be boxed in by the bad guys. It really is that simple.

The cardholder data and authentication credentials MUST be encrypted "outside" the browser space. We swipe our card and enter our PIN to get cash in real time at an ATM, so the encryption standards used by the banking industry are safe (it's the skimming devices and cameras that put ATMs at risk).

Thus, considering that HomeATM 3DES-encrypts and utilizes DUKPT key management (and is PCI 2.0 certified, with TG-3 certification imminent), I stand by my belief that "typing" puts fraudsters on a level playing field, whereas "swiping" with end-to-end encryption puts them at a disadvantage they cannot overcome.

Take a look at some of the related articles to read more on the subject of online banking insecurity.
