Sinowal Trojan Stealing Banking Information

The Sinowal Trojan, also known as Torpig and Mebroot, isn’t new. It was first detected by RSA’s Fraud Action Research Lab in February 2006. But it’s one of the most effective Trojans out there. RSA estimates the Sinowal Trojan has taken the details of 270,000 online bank accounts and 240,000 debit and credit cards from financial institutions in a number of countries, including the US, UK, Australia and Poland. Interestingly, however, RSA has no data on any Russian accounts being hit.

Users are often infected by drive-bys – visiting a site infected with the Sinowal malicious code. Sean Brady of RSA’s security division told the BBC:

"The effect has been really global with over 2000 domains compromised. This is a serious incident on a very noticeable scale and we have seen an increase in the number of Trojans and their variants, particularly in the States and Canada."

According to RSA, whoever is behind the Sinowal Trojan – and they have no idea who that is – keeps releasing new variants in an attempt to avoid detection. But in spite of its danger, it’s just one among many malware attacks that are on the increase.

Using booby-trapped sites is a rapidly-growing infection method; Sophos has claimed to be finding over 6,000 newly infected pages daily – that’s one every 14 seconds. Fortinet has said that malware attacks between July and September this year rose from 10 million to 30 million.