
Torpig Trojan Horse Attack Activity

US-CERT is aware of public reports of a high volume of financial accounts compromised by the Torpig (also known as Sinowal or Anserin) Trojan horse. This Trojan horse uses HTML injection to add fields to web pages in order to convince users to provide additional user credentials or financial account information. Systems compromised by this Trojan horse are being used by attackers to obtain FTP credentials, email addresses, and digital certificates of the current user.

This Trojan horse uses an MBR rootkit known as Mebroot. This rootkit contains configuration information for the Trojan horse as well as techniques used to keep the Trojan horse undetectable.

US-CERT encourages users to take the following preventive measures to mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Investigate anomalous or slow-running machines, looking for unknown processes or unexpected Internet connections as this may be a sign of malicious programs operating in the background.
  • Examine firewall logs of systems for connections to or from anomalous IP addresses.
  • Consider traffic analysis to identify compromised systems that are exfiltrating data.
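The last two measures can be scripted against firewall connection logs. The following is an added example, not part of the US-CERT advisory: it flags hosts contacting external addresses outside an allowlist and hosts whose outbound byte totals look like exfiltration. The log format, the internal range, the allowlist and the byte threshold are all assumptions, and the log lines are constructed.

```python
"""Review firewall connection logs for two signs the advisory names:
connections to unexpected external addresses, and hosts sending
unusually large volumes outbound (possible exfiltration).
Added example; log format, allowlist and threshold are assumptions."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an assumed "ts src dst dport bytes_out" format.
SAMPLE_LOG = """\
2008-11-01T09:00:01 10.0.0.5 192.0.2.10 443 1200
2008-11-01T09:00:07 10.0.0.5 198.51.100.7 80 950
2008-11-01T09:01:12 10.0.0.8 203.0.113.44 8080 3500000
2008-11-01T09:01:40 10.0.0.8 203.0.113.44 8080 2800000
2008-11-01T09:02:03 10.0.0.9 192.0.2.10 443 800
2008-11-01T09:02:30 10.0.0.9 10.0.0.20 445 4000000
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")          # assumed LAN range
EXPECTED_DESTS = [ipaddress.ip_network("192.0.2.0/24"),    # assumed allowlist
                  ipaddress.ip_network("198.51.100.0/24")]
EXFIL_THRESHOLD = 5_000_000   # assumed outbound bytes per host before flagging

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")

def parse(log_text):
    """Yield (src, dst, dport, bytes_out); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(2), m.group(3), int(m.group(4)), int(m.group(5))

def unexpected_destinations(log_text):
    """Map each internal host to external addresses outside the allowlist."""
    hits = defaultdict(set)
    for src, dst, _, _ in parse(log_text):
        ip = ipaddress.ip_address(dst)
        if ip in INTERNAL_NET or any(ip in net for net in EXPECTED_DESTS):
            continue
        hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

def exfil_candidates(log_text, threshold=EXFIL_THRESHOLD):
    """Hosts whose total bytes sent to external addresses exceed threshold."""
    totals = defaultdict(int)
    for src, dst, _, nbytes in parse(log_text):
        if ipaddress.ip_address(dst) not in INTERNAL_NET:
            totals[src] += nbytes
    return {src: b for src, b in totals.items() if b > threshold}
```

Internal-to-internal transfers (the last sample line) are deliberately excluded from the exfiltration total, so a host doing large but local file copies is not flagged.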

Read more: US-CERT Current Activity


The Antivirus Advice website is a collaboration of users, engineers and technical writers to present explanations of Internet security threats. It is sponsored by the following companies whose staff contributed to these articles.
Nortons.com
Antivirus Depot