Password-stealing Trojan arrives

German spam spreading malware

A fresh round of spam with a password-stealing Trojan detected on Sunday uses a German-language pitch, saying the malicious attachment is an official Microsoft Windows update.

The attached malware, called Trojan-PSW.Win32.Sinowal.u, was detected by antivirus software developer Kaspersky Lab. Roel Schouwenberg, a senior research engineer at the company, said it is a next-generation Trojan that's on the rise. The Sinowal family of malware was first detected in December, and was initially seeded on malicious websites.

If a user visited such a site without a properly patched browser, the software would install itself, allowing it to harvest login and password information for some European banks' sites, Schouwenberg said. The Sinowal family of malware may have been created in Russia, since the malware code contains some Russian, he said.

The latest spam messages have a .de email address. Rather than depending on a browser exploit to install itself, the latest version of Sinowal tries to trick users into installing it. The message, written in German, claims that a worm is on the loose, and that the recipient should run the attached file to protect their system.

Schouwenberg said the malware writers may have decided to send it by mass email if the browser exploit approach wasn't working as well.

The Sinowal Trojan is a type of 'man-in-the-middle' malware. Even if a user has started an SSL (Secure Sockets Layer) transaction with a bank, the Sinowal Trojan can insert HTML (Hypertext Markup Language) code that causes a pop-up window to appear asking for a user name and password. It is programmed to react to certain bank sites.

"This is something we are going to see more and more, and it will really make life hard," Schouwenberg said.

The malware is unique in that it then sends that information immediately to the hacker's server rather than storing the information for periodic transmission, Schouwenberg said. The Trojan is also capable of checking for updates of itself.
