RSA FraudAction Research Lab has discovered login information for around 300,000 online bank accounts and 250,000 credit- and debit-card accounts, gathered by a cybercrime gang over the past three years using the Sinowal Trojan.
The account information has been stolen since at least February 2006, uninterrupted, and includes email and FTP accounts, according to RSA."This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," according to a blog posted on Friday by RSA, EMC's security unit.
The Sinowal Trojan infects a computer without the owner's knowledge, surreptitiously planting itself onto a computer while the owner is surfing the web, in an attack dubbed a 'drive-by download'. The malicious code is typically hidden on less familiar websites, often related to porn or gambling, but can also be found lurking on legitimate websites, said Sean Brady, manager of identity protection at RSA.
The Trojan is programmed to execute when the victim visits a particular banking or financial website; it is triggered by more than 2,700 specific URLs, according to RSA. The malware then inserts additional fields into the victim's browser, prompting the victim to type in information such as their PIN and Social Security number, which the website itself does not ask for.
The company has alerted law-enforcement bodies and has provided the compromised account information to the financial institutions involved, Brady said in an interview on Thursday.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ssBHggdt42gVqfn7oXIsW1E9G1HbGdjQMfp324aMA8WbFG_-8-WsMjJaodP-OtqRFDj_8OzYDZYMjxQ39kwJcB8OftDqhPkCk599z-HTmeH1NigdVMjoZi3a6MRsbHRjk87EeKJGsaYR1cJPEUA_8=s0-d)
