Sunday, May 10, 2009

Torpig: "One of the Most Advanced Pieces of Crimeware ever Created"

Banking / Finance News
Source: spamfighter
Complete item:

Security researchers at the University of California report that they took over a botnet earlier this year (2009) and retained its control for a full ten days. During the period, they exposed 70GB of stolen financial data from it that included bank account details and payment card numbers.

According to the researchers, the malware that builds and controls the botnet is known as Torpig, also called Mebroot or Sinowal, a program designed to "track" and collect financial and other personal information from users of Windows computers.

In order to take control of the Torpig botnet, the researchers exploited a flaw in the bots' manner of finding the servers that command-and-control them. Subsequently, they established the domains for the bots to resolve, after which they established servers to which the bots would link up to receive the commands. This method was executed for a full ten-day period after which the controllers of Torpig made the system up-to-date and reduced the extent of observation.

While the botnet was under the control of the researchers, nearly 300,000 distinct login data was seized including 56,000 passwords collected over just one hour.  In the research, it was discovered that many victims (28%) used personal credentials more than once to access 368,501 websites, helping scammers to easily harvest more information.

Security researchers also reveal that within only those 10 days, Torpig gathered credentials of 8,310 financial accounts from institutions like Capital One, Chase, E*Trade and PayPal among many. Further, almost 40% of the data seized by Torpig was stolen from managers of browser passwords instead of original log-in sessions. Researchers also speculated that the controller of Torpig might have netted $83,000 to $8.3 Million through the exploitation of the stolen credentials.


What are Trojans?

First, from Wikipedia:
‘Torpig, also known as Sinowal and Mebroot, is a type of Trojan horse which can affect computers using Microsoft Windows as their operating system. Torpig turns off anti-virus applications, allows others to access the computer, modifies data on the computer, tracks and steals confidential information (such as user passwords) and installs more malware on the victim’s computer.

As of November 2008 it has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as “one of the most advanced pieces of crimeware ever created”.’

The quote, by the way, came from a spokesperson at security company RSA, UK. Wonder what the cybercriminals are working on today...for tomorrow.

Question: What value would "username/password" have to cyberbadmen if banks didn't use them? What value would being in possession of a card number have if the card had to be swiped to prove its presence? Therefore, if banks made it mandatory to "swipe your card" and "enter your PIN", then what value would sniffers, trojans, phishers, etc. have?

"Card Present  2FA Online Banking" empowered by HomeATM would eliminate the threat of  phishing, trojans, botnets, etc.

But first banks need to eliminate "username/passwords" and replace them with Real-Time "Card Present" 2FA. As I stated yesterday (see previous post), two of the three steps are already in place:

1.  Banks Issue Card to Cardholder
2.  Banks Issue PIN Code to Card Holder
3.  Banks Issue our PCI 2.0 Certified PED ($12 or less in quantity)

The benefits to our device DO NOT STOP after log-in. In fact it actually ENABLES the online banking user to more securely pay bills online, transfer money from savings to checking, even transfer money from ANY US Bank Card to ANY OTHER US Bank Card in real time using email (get in the remittance game), and securely conduct transactions online.

I cannot stress enough how much of a value proposition there is in this for banks.  As always, feel free to contact me with any questions, to see a demo or to talk more at length about the benefits of HomeATM's PCI 2.0 Certified Card Present 2FA Online Banking Program.  
