Monday, November 03, 2008

Sinowal

OK. So who was aware that October was National Security Awareness Month? I didn't see any coverage of the event. Today I learn from a link posted on facebook that a huge cache of stolen financial data has been newly discovered. You can read articles in the few papers that picked up this piece of news, but try as you might, you'll find it hard to uncover advice on how to protect yourself against losing your own financial data. Most reporters are content to regurgitate what appears on the blog of the research organization that made the find. And, strangely, that blog post describes the extent of the crime -- as far as known -- but gives no help to individuals who wish to guard against it. Only one reporter seems to have taken the trouble to contact the organization in order to get some advice. He quotes a "manager of identity protection" at the organization, but the directions are pretty vague:
Education is the best defense against Trojans, Brady said. "You can shut down infection points, but that's like playing Whack-a-Mole," he said. "The most important thing is to educate consumers as to the dangers of going to sites they are not supposed to, and of clicking on links in spam e-mails they receive."
That's it; no guidelines on how to identify the dangerous sites; just stay away. And there's little said that might restrain the hapless users who are prone to open spam e-mails. (I've quoted from this article: RSA Cracks Down on Legendary Sinowal Trojan. October 31, 2008, By Richard Adhikari, in internetnews.com.)

Another article adds a bit of extra help: "Users should take every precaution when downloading applications even from reputable sites such as CNet or Softpedia. If the application looks a little shoddy, think twice before installing it onto your PC." Unfortunately the author doesn't say what he means by extra precaution; once you click you're infected. More unfortunately, according to another report, Sinowal mostly uses two Adobe products, Flash and PDF, to attack its victims -- not spam e-mails or file downloads.

It's frustrating.

I've been using a Flash blocker in my browser. I hope that helps protect me. I haven't been cautious about opening PDF files and don't really know how to guard against infection via PDF (maybe download and do a virus scan before opening).

It's also annoying, not just that the articles on Sinowal do little to help you protect yourself against it, but also that the mainstream government security sites are unhelpful. Worse, the US government's primo OnGuardOnline site uses Flash exclusively to get across its message (and doesn't mention Flash vulnerabilities). That, and the government's main security tracking site, the US Computer Emergency Readiness Team, uses a PDF file to say What Can You Do to Contribute to Cyber Security Awareness? (and uses an opaque CLICK HERE to get us to the PDF without letting us know that it's a PDF we're being taken to).

I'd be grateful for any comfort readers can give me about Sinowal and its many variants and co-conspirators. (I do know that using Microsoft Windows is asking for trouble and don't need to be told that.)

That said, I'm grateful to my son for putting me on to this threat. Much better to know of the threat, even while being unsure about protecting against it.

References:

• Source of image at top: http://tech.blorge.com/

'National Security Awareness Month': October is National Cyber Security Awareness Month, US CERT Press Room


'huge cache of stolen financial data' - A Huge Cache of Stolen Financial Data, NYT, By John Markoff

'what appears on the blog' - One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accounts, by RSA FraudAction Research Lab on 10/31/2008

'Another article' - Sinowal Trojan found to have stolen 300,000 bank log-ins, November 1, 2008, by Mike Ferro

'Another report' - Sinowal super trojan empties half million bank accounts, November 1, 2008, by Brian Turner

Worth reading in full. Here are some excerpts from this last report:
Already nearly three years old, the Sinowal trojan - aka Torpig or Mebroot - is typical in its behaviour of trying to open up user computers - but with the added twist of phishing user bank accounts. It is being constantly updated with patches to beat security filters - it is also storing up user data on everyone it infects. The main method of delivery isn't email spam, though, but instead through hacking websites to insert the malicious code onto visitors' PCs. Flash and Adobe hacks have been especially common, and I've seen these in action myself. Wordpress blogs have especially become a major target of attack.
