A new spam campaign was launched over the weekend, featuring a Trojan capable of stealing passwords disguised as a legitimate Microsoft Windows update.
Kaspersky Lab has confirmed that the Trojan, Trojan-PSW.Win32.Sinowal.u, belongs to a new generation of increasingly sophisticated Trojans. The Sinowal Trojan was first detected at the end of last year and primarily spreads through attachments on dangerous websites. This malicious software originates from Russia.
If users visit such a website while their operating system and browser are not properly patched, the malware automatically installs itself on their systems and steals personal information such as online banking credentials.
In this latest spam campaign, the Trojan uses email addresses originating from Germany. No longer dependent on websites for attacks, the latest version of Sinowal attempts to trick users into installing it by masquerading as an official Microsoft update patch.
Kaspersky suggests that the authors of this malware have shifted to email distribution tactics due to concerns over the effectiveness of browser exploitation methods.
The Sinowal Trojan also functions as “man-in-the-middle” malware. Even when users connect to their online banking accounts over the Secure Sockets Layer (SSL) protocol, Sinowal can still inject HTML code to generate a pop-up window asking them to enter their account and password. The Trojan is programmed to interactively mimic the bank’s website.
Unlike other types of malware, this Trojan directly sends the information it collects to its owner rather than storing it on a server. It also has the capability to automatically update to the latest version.
Users are advised to update their operating systems and security software to avoid being attacked.
Hoàng Dũng