Symantec finds a new trojan that steals data from US banks, customers

Symantec has discovered a new piece of malware that appears to be targeting financial institutions and their customers in the US. Dubbed Trojan.Stabuniq by Symantec, the malware has been collecting information from infected systems—potentially for the preparation of a more damaging attack.

According to a post on Symantec's blog by Symantec employee Alan Neville, Trojan.Stabuniq appears to be aimed at a very specific set of victims. While the number of reported systems compromised by the Trojan is relatively low, nearly 40 percent of them are financial institutions' mail servers, firewalls, proxies, and gateways. Half of the infected systems are consumer PCs, and the remainder of the detected infections are on systems belonging to network security companies, most likely because those companies are evaluating the threat posed by the Trojan.

The malware appears to be spread by a "phishing" attack: spam e-mail containing a link to a server hosting a Web exploit toolkit. Once installed, it writes Windows registry entries that disguise it, usually as a Microsoft Office or Java component, or as an Internet Explorer "helper" module, an InstallShield update scheduler, or a sound driver agent, and that make sure it is launched again at reboot. It then collects information about the computer it has infected (including the computer name, IP address, the operating system version and installed service packs, and the names of running processes) and sends that data to a command and control server at one of eight domain names.


Congress Defeats E-Mail Privacy Legislation — Again


The Senate late Thursday forwarded legislation to President Barack Obama granting the public the right to automatically display on their Facebook feeds what they’re watching on Netflix. While lawmakers were caving to special interests, however, they cut from the legislative …

Still putting your crypto-protected PC in hibernate? $300 app can hack it (Updated)

Cracking PGP, TrueCrypt, and other strong encryption packages just got more affordable, with the release of a $300 package that can pluck decryption keys out of computer memory in certain cases.

Thursday's release of the Elcomsoft Forensic Disk Decryptor poses the biggest threat to people who leave their pre-OS X 10.7.2 Mac laptops or FireWire-equipped PCs in hibernate or sleep states while encrypted drives are mounted. It has long been possible to use the FireWire or Mac Thunderbolt interfaces, which give an attached device direct memory access to system RAM, to retrieve the contents of volatile memory from machines that are password-protected but not powered down. But until now, it has cost closer to $1,000 for an easy and reliable way to use that data against people running strong full-disk encryption programs.

The new product from Moscow-based ElcomSoft changes that. Like Passware, which Ars first chronicled in 2009, it's able to comb through memory dumps and locate the cryptographic keys stored inside. But at a third of the price, Forensic Disk Decryptor could bring that capability to a much larger customer base.
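The article does not describe how Forensic Disk Decryptor locates keys, so the example below is an added illustration of the classic technique, not ElcomSoft's or Passware's code: recognising an AES key by its expanded key schedule, as described in Halderman et al.'s 2008 cold-boot paper. A mounted encrypted volume keeps the schedule in RAM so that every block can be decrypted without re-expanding the key, and each round key is a fixed function of the previous one, so any 176-byte run that obeys the AES-128 expansion rule is almost certainly a live key. The scanner handles AES-128 only (AES-256 is a 240-byte schedule checked the same way), the S-box is derived from its GF(2^8) definition rather than typed in, and the "memory image" is a constructed stand-in with a planted key rather than a real DMA or hiberfil.sys capture.

```python
"""Locate AES-128 keys in a memory image by recognising the expanded key schedule.

Added example, not ElcomSoft's or Passware's implementation. Pure Python.
"""
import random


def _gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(x: int) -> int:
    """Multiplicative inverse as x^254; 0 maps to 0 as the S-box requires."""
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = _gmul(r, base)
        base = _gmul(base, base)
        e >>= 1
    return r if x else 0


def _build_sbox() -> list:
    """S-box = affine transform of the field inverse (FIPS-197 section 5.1.1)."""
    sbox = []
    for x in range(256):
        inv = _gf_inv(x)
        s = inv
        for i in range(1, 5):  # XOR of the byte with its four left rotations
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _next_word(prev: bytes, four_back: bytes, i: int) -> bytes:
    """Compute schedule word w[i] from w[i-1] and w[i-4] (FIPS-197 key expansion)."""
    t = list(prev)
    if i % 4 == 0:
        t = t[1:] + t[:1]            # RotWord
        t = [SBOX[b] for b in t]     # SubWord
        t[0] ^= RCON[i // 4 - 1]     # round constant
    return bytes(a ^ b for a, b in zip(four_back, t))


def expand_key(key: bytes) -> bytes:
    """Full AES-128 schedule: 11 round keys, 176 bytes, the first 16 being the key."""
    assert len(key) == 16
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(_next_word(w[i - 1], w[i - 4], i))
    return b"".join(w)


def find_aes128_keys(dump: bytes, step: int = 1) -> list:
    """Return (offset, key) for every 176-byte window that is a valid AES-128 schedule.

    A cheap filter recomputes only w[4] from the first 16 bytes, so the full
    expansion runs for a negligible fraction of offsets. `step` restricts the
    scan to aligned offsets (4 or 16), where heap-allocated schedules usually sit.
    """
    hits = []
    for off in range(0, len(dump) - 176 + 1, step):
        w0, w3 = dump[off:off + 4], dump[off + 12:off + 16]
        if _next_word(w3, w0, 4) != dump[off + 16:off + 20]:
            continue
        key = dump[off:off + 16]
        if expand_key(key) == dump[off:off + 176]:
            hits.append((off, key))
    return hits


def build_demo_dump(key: bytes, size: int = 64 * 1024, offset: int = 20000, seed: int = 1) -> bytes:
    """Constructed stand-in for a RAM image: seeded pseudo-random filler with one
    planted key schedule. A real capture would come from a FireWire/Thunderbolt
    DMA dump or a hibernation file, not from this function."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = expand_key(key)
    return bytes(buf)


if __name__ == "__main__":
    planted = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # demo key, not from the article
    image = build_demo_dump(planted)
    for off, key in find_aes128_keys(image):
        print(f"AES-128 key schedule at offset {off:#x}: key={key.hex()}")
```

The same recognition works on a hibernation file because hibernation writes the contents of RAM, schedule included, to disk unless the encryption software deliberately wipes its keys first; that is why the article's advice to power down rather than sleep or hibernate matters, and why a schedule that is only ever held in CPU registers or debug registers (as some later FDE designs do) is out of reach of this scan.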
