Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
Malware steals log-on data to accounts
NEW YORK (11/7/08)--The log-ons to more than a half million bank, credit and debit card accounts have been stolen over the past two-and-a-half years by a single cyber crime group using a Trojan horse spyware that "morphs" to avoid detection. News Now could not determine whether these included credit union members' accounts. Researchers at RSA Security Inc.'s FraudAction Research Lab discovered the stolen data while they were tracking the Sinowal Trojan horse, also known as Mebroot and Torpig. They tracked the spyware to a drop server that contained the stolen data (Computerworld Oct. 31). RSA investigators found more than 270,000 online banking account credentials, plus about 240,000 credit and debit account numbers and other personal information lifted from Microsoft Windows PCs (WashingtonPost.com Oct. 31). According to Sean Brady, product marketing manager at RSA's ID and access assurance group, the length of time the spyware has been maintained by a single group and the scale of the theft is "very unusual." The Trojan horse malware has been active since at least February 2006. Once on a system, the malware waits for the user to enter the address to an online bank, credit card company site or another financial URL. It then substitutes a fake address. The malware is triggered by more than 2,700 specific Web addresses, a much larger number than other Trojan horses, said Brady. The fake sites collect the log-on usernames and passwords to banks and other financial institutions. They trick users into disclosing information legitimate financial institutions would never collect online, such as Social Security numbers. They transmit the pilfered data to the drop server. RSA Security said it suspected the group responsible is based in Russia. The malware was distributed globally, but Russia was the one region that had no infections.
Other Resources

RSS





print
News Now LiveWire
A recent report from @TransUnion says consumers born 1981 or later made up 27% of total auto-loan originations in 2014, up 16% from 2009.
18 hours ago
.@CUNA says new House bill is "further evidence" of lawmakers' interest in how @TheNCUA uses its funds from CUs. See News Now Monday.
1 day ago
.@MECreditUnions announces winner of @YoungFreeME #SoundOff contest. @Sassquatch_Band will play Old Port Festival in June @PDD_Downtown
13 hours ago
House Financial Services Com. to hold March 3 hearing to receive the semi-annual report of @CFPB Director Richard Cordray.
13 hours ago
Rep. Jeff Miller (R-Fla.) re-introduced bill to ease veterans' access to loans for #smallbusiness purposes from a #creditunion (HR 1133)
15 hours ago