The RSA FraudAction Research Lab reports it has uncovered a three-year campaign by cyber criminals which resulted in the theft of personal and financial information from more than half a million people worldwide.
“This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters,” the RSA blog warns. “Dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts as well as a similar number of credit and debit cards. Other information such as email, and FTP accounts from numerous Web sites, have also been compromised and stolen.”
According to a post on the official RSA blog, sophisticated criminal hackers distributed the Trojan infection to victims’ computers via so-called ‘drive-by downloads’. Then, when users accessed certain online banking or transaction Web services, the Trojan inserted additional fields into the forms displayed by the real sites, asking for additional information that the legitimate site would not normally request.
Information keyed into the extra form fields was sent directly back to the criminals, while information keyed into the legitimate fields was sent on to the legitimate site. The expected transaction then took place as usual, without the user or the service provider suspecting that any clandestine activity had taken place.
RSA notes that, once downloaded to a victim’s computer, the Sinowal Trojan could be triggered by any of over 2,700 banking and transaction site URLs.
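The injected-field behaviour described above can be checked for by comparing the fields a form actually contains against a known-good baseline. This is an added example, not code from RSA's report; the form id, the field names and the `EXPECTED_FIELDS` baseline are constructed assumptions.

```javascript
// Added example: flag form fields that are not in the site's known-good baseline.
// Assumption: the site keeps a list of legitimate field names per form id.
const EXPECTED_FIELDS = { login: ["username", "password"] }; // hypothetical baseline

// Constructed samples: the login form as served, and as rendered with extra fields.
const SERVED_HTML = `<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;
const RENDERED_HTML = `<form id="login" action="/auth" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type="text" name="atm_pin">
</form>`;

// Collect control names per form id. Regex parsing is a simplification so the
// example runs offline; in a browser, iterate form.elements instead.
function extractFormFields(html) {
  const forms = {};
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const idMatch = /\bid\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    const id = idMatch ? idMatch[1] : "(no id)";
    const names = [];
    const ctlRe = /<(?:input|select|textarea)\b[^>]*?\bname\s*=\s*["']([^"']+)["']/gi;
    let c;
    while ((c = ctlRe.exec(m[2])) !== null) names.push(c[1]);
    forms[id] = names;
  }
  return forms;
}

// Return every field that the baseline does not list for its form.
// A form with no baseline entry has all of its fields reported.
function findUnexpectedFields(html, baseline) {
  const findings = [];
  for (const [id, names] of Object.entries(extractFormFields(html))) {
    const allowed = new Set(baseline[id] || []);
    for (const name of names) {
      if (!allowed.has(name)) findings.push({ form: id, field: name });
    }
  }
  return findings;
}
```

A check that runs inside an infected browser can itself be tampered with, so a clean result is weaker evidence than a finding.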