Thursday, March 12

Online Stock Trades Virus Tigger

Online Stock Trades - Tigger Virus Targeting Online Trading Accounts

The Tigger virus is a trojan that is targeting people with online trading accounts and stealing information regarding their online stock trades.

KY3 is reporting that a virus called Tigger, also known as Syzor, is stealing online stock trades data. It is a Trojan and was also reported back in February by Brian Krebs on Security Fix, who said that it had already claimed over 250,000 victims.

This is all news to me and I am surprised we haven't heard more about it in the press.

Apparently the first time the virus was spotted was back in November 2008 by iDefense and they discovered that none of the 37 anti-virus products they used recognized it.

One month later, only AntiVir was capable of detecting it.

The near-total invisibility of the virus allowed Tigger to infect over 250,000 Microsoft Windows systems.

Michael Ligh from iDefense said that the Tigger virus seems to target principally customers or employees who carry out online stock trades or options trading.

The short list of companies targeted: E-Trade, Vanguard, ING Direct ShareBuilder, TD Ameritrade, Options XPress, and Scottrade.

The Tigger virus is thought to be the first malware to exploit a vulnerability patched by Microsoft in mid-October 2008 known as a "privilege escalation" vulnerability. It cannot be exploited remotely, but allows the virus to gain access to the Windows "administrator" account.

As a result, even when the system is run under a limited user account with no permission to make changes inside the OS, this vulnerability, if left unpatched on a Windows system, would allow the virus to override any protection.

Operating Windows under a "limited user account" is an important step to keep your system safe. It is also important to install the latest patches; this is more important than anti-virus protection, as most anti-virus tools seem to be rather poor at protecting against the latest viruses.

To set up a "limited user account" on your computer:
- go to Start, then Control Panel
- click User Accounts
- click Create a new account
- name the account
- click Limited
- finally click Create Account

Using a limited user account will not allow you to add or remove programs like an administrator account would, so Pitt says logging in to that limited account for banking and trading would provide some protection from viruses.
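The two defences described above (a limited account and current patches) can be checked from a PowerShell prompt. This is an added example, not part of the original post: it assumes Windows PowerShell 5.1 or later, where a "limited" account is called a standard user, and the function name and the 35-day threshold are hypothetical choices.

```powershell
# Added example: report whether the current account is limited and how old the newest patch is.
function Test-LimitedAccountAndPatchState {
    param([int]$MaxPatchAgeDays = 35)   # assumed threshold, not taken from the article

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this session is elevated; with UAC, a non-elevated
    # session of an administrator account still returns False here.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Direct membership of the built-in Administrators group (well-known SID S-1-5-32-544).
    # Membership inherited through nested domain groups is not resolved.
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
                   ForEach-Object { $_.SID.Value })
    $isAdminAccount = $adminSids -contains $identity.User.Value

    # Newest update recorded by Get-HotFix; entries without an install date are skipped.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    $ageDays = if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { $null }

    [pscustomobject]@{
        Account         = $identity.Name
        SessionElevated = $elevated
        AdminAccount    = $isAdminAccount
        LatestHotFix    = if ($latest) { $latest.HotFixID } else { 'none recorded' }
        PatchAgeDays    = $ageDays
        PatchesStale    = ($null -eq $ageDays) -or ($ageDays -gt $MaxPatchAgeDays)
    }
}

$state = Test-LimitedAccountAndPatchState
$state | Format-List

if ($state.AdminAccount -or $state.SessionElevated) {
    Write-Warning 'This account has administrator rights; use a limited account for banking and trading.'
}
if ($state.PatchesStale) {
    Write-Warning "No update recorded within $MaxPatchAgeDays days; install the latest Windows patches."
}
```

Get-HotFix does not list every kind of update, so treat a stale result as a prompt to open Windows Update rather than as proof that patches are missing.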

"The scary part," said Ligh, "is, none of us are really sure how Tigger is even being distributed. I look at a lot of info-stealing malware, and this is the first one I've seen in a while that goes to the trouble of removing other pieces of malware."

So what does the Tigger virus do and how does it target online stock trades?

First it spends some time cleaning your PC, deleting 20 or so bits of malware you may have already on your system. The belief is that it wants your PC to appear clean and free of viruses.

It then installs a "rootkit" that runs in safe mode. This "rootkit" "compromises FAT and NTFS file system drivers, disables kernel debuggers, and blocks other processes from accessing the kernel driver's memory" -- this is designed to ensure that even if you reboot in safe mode you are still stuffed.

It then focuses on any anti-malware software you may have, disabling many products from AVG, CA, Avira, Outpost and Kaspersky, in addition to Windows' Defender and Firewall options. After it has done all this it gets going.

It gets your passwords for IM, remote-access, email, storage and network; along with FTP and POP3 authentication information, and helps itself to your cookies and certificates. It also takes screen shots and logs keystrokes to see what sites you are looking at. After which it gets system information, creates a backdoor, and tries to phone home for instructions.

As mentioned above, it is doing all this because it wants to target online brokerages and online trading firms, among them Ameritrade, e-Trade, ING Direct, Options XPress, Scottrade, ShareBuilder, and Vanguard.

Scary stuff if you are involved in online trading!

For the latest info (all incomprehensible to me, unfortunately), you may wish to check out this guy's blog; he seems to be the world's leading expert on the matter: http://mnin.blogspot.com/2009/03/finding-tiggersyzor-infections-and.html
