Home Technology Cyber Security Stabuniq Trojan rapidly stealing data from US banks

Stabuniq Trojan rapidly stealing data from US banks

By on ( 2 )

 

Author : Mohit Kumar on 12/23/2012 04:26:00 AM

 

Trojan.Stabuniq
Trojan.Stabuniq geographic distribution by unique IP address

 

Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq, the malware has been collecting information from infected systems potentially for the preparation of a more damaging attack.

 .
According to researchers, roughly 40 IP addresses infected with the Stabuniq Trojan, 40% per cent belong to financial institutions who are mostly based in Chicago and New York.
.
The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit. Such toolkits are commonly used to silently install malware on Web users’ computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player, Adobe Reader, or Java.
 .
These attacks can be very simple, such as a written email from a prince in Nigeria asking for bank account information.
 .
Once installed, it collects information including its computer name, IP address, operating system version and installed service packs, running processes and dumps that data to a command & control server located at:
 .
  • anatwriteromist.com
  • bbcnews192.com
  • belsaw920.com
  • benhomelandefit.com
  • midfielderguin.com
  • prominentpirsa.com
  • sovereutilizeignty.com
  • yolanda911.com

Recommended actions for readers, Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.

Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
.
Turn off and remove unnecessary services and Enforce a password policy. Stay tuned to +The Hacker News .
.

About Author:

Photo Mohit (Mobile)Mohit Kumar aka ‘Unix Root’  is Founder and Editor-in-chief  of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this : He is an Internet Activist, Strong supporter of Anonymous & Wikileaks. His all efforts are to make internet more.

 

 

 

 

 

 

 

 

http://thehackernews.com/2012/12/stabuniq-trojan-rapidly-stealing-data.html

Categories: Cyber Security

Tags: , , , , , , ,

2 replies

Trackbacks

  1. Stabuniq Trojan rapidly stealing data from US banks « TECH DISTRO
  2. Homepage