How’s this for a find? RSA’s FraudAction Research Lab recently announced that it had uncovered a Web server containing stolen login credentials for more than 300,000 online bank accounts, including 100,000 gleaned in the past six months. What’s more, RSA says the server, fed by an alarming number of variants of the Sinowal Trojan, has been in action uninterrupted for more than three years.
Sinowal infects PC users master boot record and is virtually undetectable by most commercial anti-virus programs. The Trojan is activated when the computer user visits one of the more than 2,700 bank and e-commerce sites that are coded into the malware; when activated it serves up bogus Web pages or asks for personal information, which is then fed back to the master server.
“This is big because this thing has been operating under the radar since 2006…that’s unheard of as the typical lifespan for something like this is weeks, or two to three months at most,” says Tom Wills, senior analyst covering security, fraud and compliance at Javelin Strategy & Research. “There are some important messages for banks in all this…start educating your customers about Trojans and give a lot more attention to application security.”