How’s this for a find? RSA’s FraudAction Research Lab recently announced that it had uncovered a Web server containing stolen login credentials for more than 300,000 online bank accounts, including 100,000 gleaned in the past six months. What’s more, RSA says the server, fed by an alarming number of variants of the Sinowal Trojan, has been in action uninterrupted for more than three years.
Sinowal infects PC users master boot record and is virtually undetectable by most commercial anti-virus programs. The Trojan is activated when the computer user visits one of the more than 2,700 bank and e-commerce sites that are coded into the malware; when activated it serves up bogus Web pages or asks for personal information, which is then fed back to the master server.