'Most advanced' Trojan has compromised 600,000 accounts

4 November 2008

The details of around 600,000 online bank accounts, credit and debit cards have been compromised by a Trojan virus described as "one of the most pervasive and advanced pieces of crimeware" ever created, reports say.

On its blog, security group the RSA FraudAction Research Lab said the Sinowal Trojan - also known as Torpig and Mebroot - was first detected in February 2006.

It has since stolen the login details of around 300,000 online accounts and another 300,000 debit and credit card numbers. Customers from the US, France, Germany, the UK, Australia, China, Malaysia and others are thought to have been affected by the virus, although no accounts in its suspected country of origin - Russia - have been breached.

RSA said a single crime gang is thought to be behind Sinowal. The virus works by "injecting" legitimate-looking requests for personal information into internet browsers. Over 2,700 URLs currently trigger an attack and the creators of Sinowal keep releasing new variants to ensure it maintains an "uninterrupted grip" on infected computers.

Sean Brady of RSA said: "The group behind it have made sure to invest in the infrastructure no doubt because the return and the potential return is so great."

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development