Sykipot Trojan Variant Stealing DoD Smartcard Credentials 44
Trailrunner7 writes "A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industry. The new variants, which Alien Vault believes have been circulating since March, 2011, have been used in 'dozens of attacks' and contain features that would allow remote attackers to steal smart card credentials and access sensitive information."
Comment removed (Score:4, Informative)
vulnerability in the Adobe Reader (Score:2, Informative)
Per the Article:
>> The Trojan is delivered to target systems in a corrupted PDF attached to spear-phishing e-mail messages. The PDFs exploited a previously unknown software vulnerability in the Adobe Reader program, the company said.
Re:Authentication 101 (Score:5, Informative)
If the Trojan can pull pki credentials it can keylog pins.
Re:Ouch! (Score:4, Informative)
smart cards are not used without passwords. there's still a 'something you know' aspect to go along with something you have. it's just not the traditional login/password.