
Password-stealing Trojan arrives

German spam spreading malware

A fresh round of spam with a password-stealing Trojan detected on Sunday uses a German-language pitch, saying the malicious attachment is an official Microsoft Windows update.

The attached malware, called Trojan-PSW.Win32.Sinowal.u, was detected by antivirus software developer Kaspersky Lab. Roel Schouwenberg, a senior research engineer at the company, said it is a next-generation Trojan that's on the rise. The Sinowal family of malware was first detected in December and was initially seeded on malicious websites.

If a user visited the site without a properly patched browser, the software would install itself, allowing it to harvest login and password information for some European banks' sites, Schouwenberg said. The Sinowal family of malware may have been created in Russia, since the malware code contains some Russian, he said.

The latest spam messages have a .de email address. Rather than depending on a browser exploit to install itself, the latest version of Sinowal tries to trick users into installing it. The message, written in German, claims that a worm is on the loose, and that the recipient should run the attached file to protect their system.

Schouwenberg said the malware writers may have decided to send it by mass email if the browser exploit approach wasn't working as well.

The Sinowal Trojan is a type of 'man-in-the-middle' malware. Even if a user has started an SSL (Secure Sockets Layer) transaction with a bank, the Sinowal Trojan can insert HTML (hypertext markup language) code that causes a pop-up window asking for a user name and password. It is programmed to react to certain bank sites.

"This is something we are going to see more and more, and it will really make life hard," Schouwenberg said.

The malware is unique since it then sends that information immediately to the hacker's server rather than storing the information for periodic transmission, Schouwenberg said. The Trojan is also capable of checking for updates of itself.

