Tigger.A Trojan Quietly Steals Stock Traders' Data

Posted by kdawson on Tuesday March 03, @05:37PM
from the where-the-money-is dept.
**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-66 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode. "Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles ... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might ... lead to all invaders getting booted from the host PC."

Related Stories

[+] Massive Botnet Returns From the Dead To Spam On 205 comments
CWmike writes "Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."
  • by bugs2squash (1132591) on Tuesday March 03, @05:39PM (#27056745)
    more effective than the antivirus I use today
    • by Anonymous Coward on Tuesday March 03, @05:55PM (#27056973)
      And much, much more effective than your English class.
    • by alvinrod (889928) on Tuesday March 03, @05:56PM (#27056995)

      If only there were a similar piece of malware in direct competition with this particular trojan such that both would attempt to remove the other and successfully do so.

      It is interesting how malware is adapting so that not only is it able to spread more quickly to a larger number of machines, but also that it's attempting to increase its lifespan by killing off other malware so that the host may not notice that it's infected. I wonder how long it will be until a particular program updates a virus definition list or something similar to remove all other competing malware programs as they come into existence. Also, how much better will the malware be at quickly patching machines against new zero-day exploits than actual virus scanning and prevention software?

  • Oblig... (Score:5, Funny)

    by 8127972 (73495) on Tuesday March 03, @05:39PM (#27056747)

    Does it make your computer bounce up and down on its tail too?

  • by bugs2squash (1132591) on Tuesday March 03, @05:42PM (#27056783)
    I thought the most wonderful thing about Tiggers was that there was only one of them
  • by Anonymous Coward on Tuesday March 03, @05:46PM (#27056825)

    Stocks are going down. Don't buy stock.

  • time for 2-factor (Score:4, Insightful)

    by Lord Ender (156273) on Tuesday March 03, @05:55PM (#27056989) Homepage

    It is time for online financial institutions (brokerages and banks) to require real 2-factor authentication to log in to their sites. When I sign up for a bank account, I want them to mail me an ATM card with an embedded smartcard chip, along with a cheap USB smartcard reader. Alternatively, send a one-time-passphrase device like SecurID.

    This may be a little expensive up front, but it would cut down on enough fraud that it might pay for itself.

  • Version 2.0 (Score:5, Interesting)

    by russotto (537200) on Tuesday March 03, @06:10PM (#27057193) Journal

    Version 2.0 won't just steal data. It'll make trades. Aside from the obvious theft possibilities, the controller would have the ability to create his very own economic meltdown, in any companies he wished, limited only by the size of his botnet...

    • by oldspewey (1303305) on Tuesday March 03, @06:03PM (#27057067)

      find someone who was recently in debt, and is now very much out of debt

      Agreed, let's go after the bailout recipients.

        • by commodoresloat (172735) on Tuesday March 03, @06:33PM (#27057495) Homepage

          Link it with possible terrorism to bypass the usual rules that would prevent a dragnet, and chances are good you find your man. At least, that's how I'd investigate.

          Well then thank goodness you're not investigating. Crap like this is the exact reason many of us were outraged at the Patriot Act and similar legislation; back in 2001-2 we argued that such legislation would become an easy way for investigators to ignore the Constitution for a host of other crimes. There's been plenty of evidence of that happening already, but it's rare to see someone openly advocate such an abuse of law -- usually, in fact, conservatives defended these laws by saying they would never be used against anyone but the most dangerous international terrorists.

          • by NeutronCowboy (896098) on Tuesday March 03, @06:41PM (#27057597)

            I was about to post the same exact words. The analysis is completely faulty, based on some incredibly vague and unrelated statistics, and the call to action includes zero verification of those assumptions. Narrowing the US population to the specified profile would probably provide a single hit, but that hit would also almost certainly not be related to the trojan. That's because this is a pure case of garbage in, garbage out.

    • you just described the entire slashdot demographic

    • by johnsonav (1098915) on Tuesday March 03, @06:14PM (#27057241)

      Forget tracing back through the network -- find out where the money is going. You have a many-to-one relationship, it's unlikely this guy is smart enough to launder money effectively -- the entire attack scenario points to someone new and inexperienced, and is acting alone hoping this will reduce his risk exposure.

      I would imagine the guy who wrote this isn't working alone. Most of these kinds of attacks aren't meant to directly transfer money from the victim's brokerage account to an account controlled by the attacker.

      They use the hijacked accounts to purchase large quantities of a low-volume penny stock. The attacker, or the group he works for, already have a large position in that stock. The huge increase in demand pushes the price for the stock up. This causes all kinds of people to sell--including the attacker. And they make a tidy profit, while the victims are left with a large quantity of over-priced stock.

      The hard part about catching the perpetrators is sifting through the list of all the people who sold the stock at the inflated prices. A bunch of people make money from a scam like this, but only one is the criminal.

    • by NeutronCowboy (896098) on Tuesday March 03, @06:28PM (#27057419)

      Err, no. You might have the most likely demographic right, but that's just because they contain the majority of crackers. As for the debt, it is very unlikely someone in that demographic managed to accumulate a lot of debt.

      What I'm pretty sure you got completely wrong is the acting alone part. You do not profit off this kind of targeted scheme by working alone. You either have a taskmaster who requested this info, or you know the people who will be able to profit from this info.

      Really, nice try, but I'm pretty sure you have no idea who the crackers really are, and how they operate. I don't know em personally either, but I've got enough experience with DSM and psychological profiling to call shenanigans on your assessment.