Trojan attacks bank accounts worldwide

Sinowal Trojan has compromised and stolen information from 300,000 bank accounts so far

  • E-Mail
By  Vineetha Menon Published  November 5, 2008

A Trojan is leaving online banking customers fearful after it was found that login credentials of nearly 300,000 online bank accounts and a similar number of credit and debit cards have been compromised and stolen around the world.

The Sinowal Trojan, tracked by security solutions provider RSA, is believed to be “one of the most pervasive and advanced pieces of crimeware ever created by fraudsters.”

Sinowal, also known as Torpig and Mebroot, has been designed to keep collecting and transmitting information for close to three years, and its effects can be traced back to 2006. The company is cooperating with banks around the world to tell them about the Sinowal Trojan and has even passed along its details to law enforcement agencies.

Speaking to, Sean Brady, manager of Internet Protection at RSA, The Security Division of EMC, revealed that the Trojan infects computers without leaving behind a trace and that users are unknowingly infected when they visit websites that contain hidden malicious code.

“The Sinowal Trojan can be challenging to detect once it is installed locally since it uses rootkit techniques designed to evade detection. RSA has witnessed 60 or more new variants every month for the past 6 months, and it is difficult for the AV providers to keep up with the latest variants, particularly given their low distribution volumes,” said Brady.

According to the RSA blog, Sinowal is ‘triggered’ by more than 2,700 specific URLs, which means that it moves into action when users access the websites of what are now hundreds of financial institutions globally.

In the last six months alone, the Sinowal Trojan has compromised and stolen login credentials and other information of more than 100,000 online bank accounts.

“To date, it has affected accounts in more than 27 countries,” Brady confirmed, including the United States, Canada, United Kingdom and Australia. Closer to the Middle East, Cyprus and Turkey have also shown signs of infection.

While customers in the region might want more clarity on the issue, especially after the recent ATM fraud that swept the country, Brady mentioned that RSA would be unable to provide specific details on any of the affected financial institutions and its customers in order to protect their security and privacy.

RSA has advised everyone to install an updated anti-virus solution and to be wary of sharing personal information online.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code