Sinowal Trojan - Undetectable ?

Ocky · Nov 4, 2008

I wonder if HIPS or any scanners can stop/detect/clean this one.
(Also known as Torpig and Mebroot.)

So, why is Sinowal one of the most serious threats to anyone with an Internet connection? Simply put, Sinowal infects victims’ computers without even an inkling of a trace. The criminals behind Sinowal have not only created highly-advanced and malicious crimeware, but have also maintained one of the most hidden and reliable communication infrastructures. This infrastructure has been designed to keep Sinowal collecting and transmitting information for almost three years. In addition, the stolen data has been methodically organized within a well-organized repository. Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to effectively utilize just one Trojan.
Click to expand...

http://www.rsa.com/blog/blog_entry.aspx?id=1378

JRViejo · Nov 4, 2008

Ocky said:

I wonder if HIPS or any scanners can stop/detect/clean this one.
(Also known as Torpig and Mebroot.)
Click to expand...

Looks like MBAM does - Trojan.Sinowal | Backdoor.Sinowal | Spyware.Sinowal

Ocky · Nov 4, 2008

Great ! I am protected with MBAM, along with many other Wilders members.

EraserHW · Nov 4, 2008

I can guarantee Prevx CSI is able too

Rmus · Nov 4, 2008

Not only has it become detectable, it's always been preventable, since its method of installing is the easiest to block-- the remote code execution (drive-by download) attack:

http://cyberinsecure.com/undetectable-sinowaltorpig-trojan-steals-more-than-300000-bank-accounts/

Unlike many trojans, it doesn't rely on tricking the end user into clicking on a link or file to get installed. Rather, it spreads silently via websites that prey on unpatched vulnerabilities in the Windows operating system or in third-party applications, such as Adobe Flash and Apple's QuickTime media player.
Click to expand...

All you need is security in place that will block any attempt to download an executable file without your permission.

----

Threedog · Nov 5, 2008

EraserHW said:

I can guarantee Prevx CSI is able too
Click to expand...

Prevx 2.0 nails it too.

Log in or Sign up

Sinowal Trojan - Undetectable ?

Ocky Registered Member

JRViejo Super Moderator

Ocky Registered Member

EraserHW Malware Expert

Rmus Exploit Analyst

Threedog Registered Member

Log in or Sign up

Sinowal Trojan - Undetectable ?

Ocky Registered Member

JRViejo Super Moderator

Ocky Registered Member

EraserHW Malware Expert

Rmus Exploit Analyst

Threedog Registered Member

Useful Searches