Stabuniq Trojan rapidly stealing data from US banks


[Figure: Trojan.Stabuniq geographic distribution by unique IP address]

Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq, the malware has been collecting information from infected systems, potentially in preparation for a more damaging attack.

According to researchers, of the roughly 40 IP addresses infected with the Stabuniq Trojan, 40 percent belong to financial institutions, most of which are based in Chicago and New York.

The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit. Such toolkits are commonly used to silently install malware on Web users’ computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player, Adobe Reader, or Java.
These attacks can be very simple, such as an email from a "prince in Nigeria" asking for bank account information.

Once installed, it collects information including the computer name, IP address, operating system version and installed service packs, and running processes, and dumps that data to a command & control server.

Recommended actions for readers: use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, deny all incoming connections and allow only the services you explicitly want to offer to the outside world.

Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
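
Because the Trojan reports to a command & control server, resolver logs are a practical place to look for infected hosts. The script below is an added example, not part of the original article or of Symantec's analysis; the log format, the function names and the placeholder domains in `C2_DOMAINS` are assumptions.

```python
"""Flag hosts whose DNS queries hit a command & control (C2) blocklist."""
from collections import defaultdict

# Placeholder C2 domains (constructed); load the real indicators from your feed.
C2_DOMAINS = {"c2-alpha.example", "c2-beta.example"}

# Constructed resolver log lines: "<timestamp> <client_ip> <query_name> <type>"
SAMPLE_LOG = """\
2024-01-15T09:14:02Z 10.1.4.22 www.C2-Alpha.example. A
2024-01-15T09:14:05Z 10.1.4.22 intranet.corp.example A
2024-01-15T09:15:40Z 10.1.7.9 notc2-alpha.example A
2024-01-15T09:16:11Z 10.1.9.31 c2-beta.example AAAA
truncated-line
2024-01-15T09:17:30Z 10.1.4.22 c2-beta.example. A
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def matched_c2(qname, blocklist=C2_DOMAINS):
    """Return the blocklisted domain that qname equals or is a subdomain of."""
    labels = normalize(qname).split(".")
    # Compare whole-label suffixes so "notc2-alpha.example" does not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def find_c2_contacts(log_text, blocklist=C2_DOMAINS):
    """Map each client IP to the sorted C2 domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip malformed or truncated records
            continue
        _, client, qname, _ = fields
        domain = matched_c2(qname, blocklist)
        if domain:
            hits[client].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in find_c2_contacts(SAMPLE_LOG).items():
        print(f"{client} queried C2 domain(s): {', '.join(domains)}")
```

Matching on whole labels catches subdomains of a listed domain without flagging unrelated names that merely end with the same characters.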
