Monday, January 19, 2009

Sinowal and encrypted data interception

Well, following in the theme of the Trojans and viruses that we discovered at work in December, a colleague forwarded a link to a blog article describing Sinowal.

For the non-geeks out there this is an important lesson: take care before downloading and running programs from the web or mailed to you as file attachments. I have watched in horror as an otherwise smart person clicks "OK" repeatedly when faced with these prompts on a web page - even when they are pop-up screens that might contain dangerous programs.

Briefly, a Trojan is a program that installs itself on your computer and then attempts to steal information from you, or is used for sending out those thousands of spam email messages that plague us. A large collection of Trojan-infected computers is often referred to as a botnet, because they are like an army of robots, usually controlled by a syndicate of criminals.

The following bits of information about this program should put your guard up.
  1. It cleverly behaves in a way that fools some anti-virus programs. Basically, it doesn't go hell for leather on installation, but rather waits a while before starting to take action.
  2. It can be installed via a web site that serves an executable, or via email file attachments.
  3. It installs itself so that it starts up before Windows even launches, and sets itself to execute as part of regular Windows programs.
  4. (And this is the scary bit) It can read all the information that you send to encrypted web sites before it gets encrypted, and after the reply is decrypted it can see that too. So when you connect to your bank, PayPal, Amazon or any other place where you might use a credit card or passwords, this program can intercept the information.
  5. It periodically forwards this information to one of a number of sites set up to gather all the stolen passwords and credit card numbers.
  6. It was created by an organized syndicate that registers thousands of web sites and hosts domain names for it to use.
  7. Regular updates are issued to this Trojan to keep the copies already out there active.
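Item 3 above describes a Trojan that lives in the disk's boot code so it runs before Windows does. One practical defensive check, added here as an example (it is not from the original post or the article it links to), is to record a hash of the boot sector on a known-clean machine and compare it on each later check. The sector bytes below are constructed sample data, not a real MBR; the `make_sample_mbr`, `sector_fingerprint` and `check_sector` names are this example's own. On a real system you would read the first 512 bytes from the raw disk device (for instance `\\.\PhysicalDrive0` on Windows, which needs administrator rights).

```python
"""Boot-sector integrity baseline check (added example, constructed data)."""
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of a valid MBR
BOOT_CODE_END = 446                   # bytes 0..445 hold boot code; 446..509 the partition table


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte sector: boot code, zero padding, 0x55AA signature.
    Hypothetical helper so the example runs without touching a real disk."""
    body = boot_code.ljust(SECTOR_SIZE - 2, b"\x00")[: SECTOR_SIZE - 2]
    return body + BOOT_SIGNATURE


def sector_fingerprint(sector: bytes) -> str:
    """SHA-256 over the boot-code area only.

    The partition table legitimately changes when a disk is repartitioned,
    so it is left out of the baseline to avoid false alarms."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_sector(sector: bytes, baseline: str) -> dict:
    """Compare a freshly read sector against the stored baseline fingerprint."""
    current = sector_fingerprint(sector)
    return {
        "signature_ok": sector[-2:] == BOOT_SIGNATURE,
        "matches_baseline": current == baseline,
        "fingerprint": current,
    }


if __name__ == "__main__":
    # Constructed "clean" sector and its baseline, as recorded on a trusted machine.
    clean = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"CLEAN-BOOT-CODE")
    baseline = sector_fingerprint(clean)

    # Constructed "tampered" sector: boot code altered, partition table untouched.
    tampered = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"PATCHED-BOOT-CODE")

    for name, sector in (("clean", clean), ("tampered", tampered)):
        result = check_sector(sector, baseline)
        status = "OK" if result["matches_baseline"] else "CHANGED - investigate"
        print(f"{name:8s} signature_ok={result['signature_ok']} {status}")
```

The caveat a practitioner would add: a Trojan that is already running inside Windows can hide its changes from a read made through the infected operating system, so a check like this is most trustworthy when the disk is read from clean boot media rather than from the possibly compromised machine itself.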

If you are a computer geek you will appreciate some of the details in this article.