Most transactional Trojans work the same way, and it worries me that Torpig and other Trojans have more and more business logic built-in.
(PRWEB) June 20, 2011
TrustDefender Labs, the R&D arm of integrated fraud risk management provider TrustDefender, has released a new in-depth report on a well-known Trojan called Torpig that discusses how it affects the evolving security landscape of Internet transactions as a whole. The Torpig Trojan was distributed en masse in 2008 (together with Mebroot) and it resurfaced recently with major innovative improvements.
Torpig was 2008’s most notorious Trojan as its distribution vector, Mebroot/Sinowal, was highly effective in circumventing all security protections at that time - with ease. The TrustDefender Labs team identified an innovative new strain of the Torpig Trojan within the last couple of months.
According to the report, the main improvement is Torpig’s ability to infect Windows Vista and Windows 7 computers, where Microsoft’s security improvements were designed to make life hard for malware but, it seems, not hard enough. Torpig no longer needs administrator rights to perform its dirty tasks, and furthermore, it is now fully compatible with all the latest Internet Explorer and Firefox browsers.
Andreas Baumhof, CTO of TrustDefender, comments: “This new strain of the Torpig Trojan continues to assert itself amongst a growing list of highly sophisticated Trojans such as Zeus or Spyeye. While the Zeus Trojan has received lots of publicity, it’s the smaller Trojans with smaller profiles that are more efficient, as they can stay undetected and under the radar.
“Most Trojans work the same way, and it worries me that Torpig and other Trojans have more and more business logic built-in. This means Trojans like Torpig don’t do anything unless the user goes into a specific situation. A computer infected by Torpig looks perfectly clean up until you click on the ‘login’ button for selected websites or network locations - and this is where you get hit. Torpig and similar Trojans also feature proprietary encryption communication to disguise their tracks.
“On a positive note, due to the security improvements in Windows Vista and 7, the Trojan will be much easier to detect and remove – but only if you know you are infected. Unfortunately, this gets harder and harder to do with existing security solutions”.
Virtually every day you can read about an increase in Internet hack challenges, advanced persistent threat attacks and identity take-overs facing major brand name retailers, governments and corporations worldwide - suggesting the Internet security arms race has only just begun.
The signs of increasing innovation by nefariously determined criminal elements do not look to be receding anytime soon. In response, our governments, financial institutions, retailers and corporations show an alarming lack of innovation or speed in implementing new security technologies to counter these major attacks, usually due to bureaucracy, thus opening the door for further malicious attacks.
TrustDefender Labs’ report outlines a level of increased sophistication that highlights why criminal elements can easily stay ahead of the good guys.
In addition, please note that TrustDefender’s products provide full protection against yesterday’s, today’s and even tomorrow’s Trojans, and if you’d like to know how we do it and why we can claim to protect our users from even new and unknown Trojans, please feel free to contact us.
A public preview of the report is available on the TrustDefender Labs blog at http://www.trustdefender.com/blog. A full report can be requested from labs(at)trustdefender(dot)com.
Phone: +61 2 9011 6516
TrustDefender’s products will fully detect and protect against Torpig.
TrustDefender delivers security and fraud detection technology to protect enterprises and their customers at the device and transaction level from online fraud. This enables TrustDefender’s customers in banking, Government, cloud application providers and online merchants to reduce the cost of online fraud. The company’s combination of device and page fingerprinting technologies is a world first and instantly detects the source of any attempts to compromise an organisation’s online defences. TrustDefender, founded in 2006, is headquartered in Sydney, Australia with offices in the UK, USA and Asia Pacific and can be found online at http://www.trustdefender.com.