You know what they say about the devil you know and the devil you don’t. That’s just what has researchers at VeriSign’s iDefense all hyped up about the Trojan Silentbanker: They can’t figure out how far it’s spread.
The iDefense team cautions that while Silentbanker employs the usual cookie and certificate stealing, form grabbing, and HTML injection and replacement, what’s really troubling is its exclusivity: since the Trojan was discovered last May, iDefense has traced every attack to the same group of miscreants.
“In January 2008, the attackers launched a new version of the Trojan with a huge set of code revisions, revealing that the project has not reached any type of plateau,” the company says. “The last piece of the puzzle, which also contributes to the overall uncertainty, is the number of infected users. iDefense has been unable to recover any stolen credentials and has no gauge of how many users are infected.”