
Sinowal virus steals identity and loots accounts.

  • Art Bianconi
    Message 1 of 5 , Oct 31, 2008

      This one is nasty!!

       

      This virus has successfully looted bank accounts for three years! And, using information taken from your PC, it can go into other environments as well. This is not merely a virus that corrupts your hard drive and costs you time and money. Destructive as they may be, the damage is contained and local. This is about identity piracy which can wipe out savings, investments and any other financial entity that is vital to your financial security. And, it's said to be the most canny of the lot and the hardest to detect!

       

      The architecture of this software, how it works and how it is installed is novel to say the least! After installation, it sits there waiting for the next boot cycle. If, as one example, you are logged on to automatic upgrades from MS, the software doesn't come alive until after the upgrade. When your PC is restarted, it's turned on first, before anything else in the boot cycle occurs, including the virus detection software. Then it just sits there and waits for you to log on to a site.

       

      It then places new icons on your screen that are made to appear to be part of the normal environment. Those images are not coming from your bank's web site but from the software!

       

      These devices prompt you to confirm your log on data, password, social security, etc. That information is then transmitted back over the Internet to the source where it is used transparently to bilk dollars.

       

      I suggest you contact your virus protection supplier, whether it be Norton, McAfee, Microsoft, et al., and see if their existing virus detection catalogs include scans for this one. I also suggest you contact your bank's Internet support staff and make sure that they have a handle on this.

       

      Another important point: the developers have managed to cloak the software by altering its identity on a regular basis. This plot has successfully gotten the software into host computers without detection. Because it is changing the color of its spots constantly, it is not sufficient to update your virus list anything less than daily. Yesterday's list is useless today given the aggressive nature of this software.

       

      Since apparently this software is energized only on start up, it suggests that you should keep to an absolute minimum, the number of times you reboot any computer with Internet access.

       

      Here is a cut and paste from the article. The entire article is available via the link at the bottom of this page.

       

      Art 

       


       

      Sinowal also is unique in that it hides in the deepest recesses of a host computer, an area known as the "Master Boot Record." The MBR is akin to a computer's table of contents, a file system that loads even before the operating system boots up. According to security experts, many anti-virus programs will remain oblivious to such a fundamental compromise. What's more, completely removing the Trojan from an infected machine often requires reformatting the system and wiping any data stored on it.

       

      The Trojan lies in wait until the victim visits one of more than 2,700 bank and e-commerce sites hard-coded into the malware, at which point it injects new Web pages or information fields into the victim's Web browser. For example, Sinowal can falsely prompt an unsuspecting victim for personal information, such as a Social Security number or password when he or she visits one of the targeted financial institution Web sites. Any stolen data is regularly uploaded to Web servers controlled by the Trojan's authors.


       

      http://voices.washingtonpost.com/securityfix/2008/10/virtual_bank_heist_nets_500000.html?wpisrc=newsletter
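
An added example, not part of the original post or the quoted article: because the article places the Trojan in the Master Boot Record, one defensive check is to hash the MBR's boot code and compare it with a known-good baseline. The function names and sample sectors are constructed for illustration, and the check assumes the 512-byte sector was read while booted from trusted media, since code in the MBR runs before anything on the installed system.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0..439 hold the bootstrap code on a classic MBR
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"        # boot signature at offsets 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into the regions worth tracking separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed since baseline")
    if current["partition_table_sha256"] != baseline["partition_table_sha256"]:
        findings.append("partition table changed since baseline")
    return findings


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test data: one active NTFS-type partition entry, rest zeroed."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0])
    entry += (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little")
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + SIGNATURE


# Constructed sectors: CLEAN stands in for the sector captured at install time,
# TAMPERED for the same disk after its bootstrap code was overwritten.
CLEAN = build_sample_sector(b"\xfa\x33\xc0\x8e\xd0")
TAMPERED = build_sample_sector(b"\xeb\x5e\x90")
BASELINE = parse_mbr(CLEAN)

if __name__ == "__main__":
    print(compare_to_baseline(CLEAN, BASELINE))
    print(compare_to_baseline(TAMPERED, BASELINE))
```

The baseline has to be recorded while the machine is known to be clean and stored off the disk it describes.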

    • Paul Riley
      Message 2 of 5 , Nov 4, 2008
        Don't forget to VOTE, VOTE, VOTE !
         
        (Actually, only vote once!)
         
        After voting, why don't you head to Mallard Lodge tonight and meet other Star Gazers that voted...!
         
        7PM EST
         
        Pj
         
         
         
         

      • Don R Surles
        Message 3 of 5 , Nov 4, 2008

          Tim Milligan...please email the combination for the lock to me...my version is not current...just in case you find a pretty lady in distress and re-prioritize your priorities.

          my email address is

                  don.r.surles-1@...

          thx...don...




        • Douglas Hemmick
          Message 4 of 5 , Nov 4, 2008
            For whom do you want us to vote?

            Just kidding!





            --
            "By deepening our understanding of the true nature of physical reality, we profoundly reconfigure our sense of ourselves and our experience of the universe."
            - physicist Brian Greene

            "Sometimes the way a message unfolds its meaning is the most important meaning it offers."
            - Brooks Landon

            "Why should a sequence of words be anything but a pleasure?"
            - saying attributed to Gertrude Stein
          • Michael Lecuyer
            Message 5 of 5 , Nov 5, 2008
              The first detected GRB event ever detected on the sun was picked up by
              the Fermi Gamma-Ray Space Telescope (formerly known as the Gamma-ray
              Large Area Space Telescope (GLAST)) today.

              Here's the announcement message:

              Fermi
              DATE: 08/11/04 16:34:49 GMT
              FROM: Chryssa Kouveliotou at MSFC

              C. Kouveliotou (NASA/MSFC) and M.S. Briggs (UAHuntsville) report on
              behalf of the Fermi GBM Team:

              At 20:14:42.77 UT on 02 November 2008, the Fermi GBM triggered and
              located a very soft and bright event (trigger 247349683 / 081102844).
              The event location was RA = 217.6 deg, dec = -15.7 deg (+/- 1.1 deg), in
              excellent agreement with the Sun location. The time of the event
              coincides with the solar activity reported in the GOES solar reports
              (event 9790: onset at 2012 UT, max at 2015 UT, end at 2017, B5.7 flare).
              This is the first GBM detection of a solar flare; future detections will
              not be reported in a GCN Circular, unless they exhibit special
              characteristics.

              The GBM light curve shows a multiple peak event lasting approximately
              177 s (8-30 keV). The time-averaged spectrum from T0-13.824 s to
              T0+163.33 s is best fit by a single power law model with index -6.55 +/-
              0.03 (chi squared 255 for 120 d.o.f.). The event fluence (8-30 keV) in
              this time interval is (1.54 +/- 0.03) E-4 erg/cm^2.

              The spectral analysis results presented above are preliminary.