Monday, July 20, 2009

Torpig (Sinowal/Mebroot) Trojan Just Got Nastier for eBanking

Here is yet more alarming e-vidence and another reason not to trust the web when it comes to either e-banking or e-payments. ALL financial transactions MUST be done OUTSIDE the web browser. Yesterday, in a post entitled "Online Banking Data Fed to the Phishes", there was a quote (pictured on left) which, in no uncertain terms, sums up the potential for "creating a large-scale secure transaction system on the web." Here's another quote from the same article:

"Internet banking experts say without coordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters."

So, based on those two statements of fact, it would seem that we need to replace "typing" with "swiping." The hackers are getting better, and the "type" system we use is an "ideal" format for them.

But it gets nastier, as we learn from the Finextra blogs:

The nastiest ebanking trojan just got nastier

On Friday, the team at TrustDefender Labs released a report on one of the nastiest pieces of malware, which has just become even nastier.

Now you may think that some of the older malware is bad enough, but the bad guys have released a new version of one of the most highly successful e-banking Trojans, this time with major enhancements. And the 'bad news' is that they changed the lot!

Basically, these guys have been busy over the last few months with a new version of Mebroot/Sinowal/Torpig that performs the same tasks and does the same badness as the previous versions (for more information see www.trustdefender.com/blog); however, the big difference is that this Trojan is hiding in the system with improved stealthiness than ever before, to make sure:

1. it can infect your system without you knowing
2. collect as much information as possible and
3. stay there undetected as long as possible


To reiterate in plain English: Everything that was previously written on how to detect Mebroot/Sinowal/Torpig is now invalid and doesn’t apply anymore… No rg4sfay file in Windows\temp anymore, no reference to \!win$… No detection with GMER’s special mbr.exe program, and GMER itself only lists a couple of detached threads… Nothing really suspicious…

The troubling issue is that the research team found this new version and noted it has the most exhaustive list of banking and broking websites they have seen – with virtually all major financial institutions in the UK, Australia, USA, Spain, Italy, Germany and more.

But interestingly, more and more non-bank websites are part of this list, like partycashier.com (the online payment from a popular poker site) and government sites (FED to the Phishes) like pay.gov (electronic payments to the US Govt).

The challenge now for the 'good guys': when will they catch up, and can they stop this nasty e-banking Trojan?

Editor's Note: Yeah, just "stop typing." Trojans work because people are still inexplicably "typing" their Primary Account Number (PAN) or online banking authentication (username/password) into boxes on websites.

Until they start swiping we will be boxed in by the bad guys. It really is that simple.

The cardholder data/authentication credentials MUST be encrypted "outside" the browser space. We swipe our card and enter our PIN to get cash in real-time at an ATM, so the encryption standards used by the banking industry are safe. (It's the skimming devices and cameras that put ATMs at risk.)

Thus, considering that HomeATM 3DES encrypts and utilizes DUKPT key management (and is PCI 2.0 certified, with TG-3 certification imminent), I stand by my belief that "typing" puts fraudsters on a level playing field, whereas "swiping" with end-to-end encryption puts them at a disadvantage they cannot overcome.

Take a look at some of the related articles to read more on the subject of online banking insecurity.
