According to recently revealed data, the virus – which specialists warn can infect computers without leaving any trace – is responsible for compromising over 300,000 online banking accounts and at least as many credit and debit card accounts over the past three years. The virus also steals or compromises email security and FTP accounts.
Little is known about the source of this Trojan, although there has been speculation about its ties to Russian crimeware syndicates. Current data indicate that the highly advanced malicious software is backed by a well-organised illicit infrastructure for collecting and transmitting information, which has been actively stealing and gathering personal information and payment card data for the past three years. Despite its longevity, the rate of Sinowal Trojan attacks has shown no sign of slowing down, with an upward spike in activity occurring in 2008 between March and September.
Sinowal works by injecting an HTML feature into affected computers, causing the victims’ browsers to display seemingly legitimate web pages or information fields that prompt for personal information of the type which legitimate banks never require online. Research shows that Sinowal is triggered by over 2,700 specific URLs belonging to financial service providers from all over the world.
The report, drawn up by online security experts at RSA FraudAction Research Lab, indicates that this virus has affected banks in the US, Canada, the UK, France, Spain, Germany and the Netherlands, as well as Australia, China and Malaysia. The research points out that no Russian accounts have been compromised by Sinowal to date.