by Will Safer, posted Nov 3rd 2008 PM
The next time you upload pictures from your birthday bash or post comments to your favorite social networking site, you may be doing more than putting your reputation on the line and online. You may also be exposing your bank account data to a pretty sneaky Trojan horse.
A Trojan horse called Sinowal, which to date has gathered more than 500,000 online bank accounts, may be one of the most advanced and dangerous security risks on the Web, according to Internet security firms that track these sorts of things.
Apparently devised in Eastern Europe – most likely Russia – the Sinowal Trojan and its variants stealthily gather banking data by waiting for unsuspecting users to browse commonly trafficked Web destinations, including popular social networking sites like Facebook and MySpace. A user doesn't need to click on a pop-up window or do anything else traditionally seen as risky -- the Trojan downloads to the user's computer in the background automatically.
That the Sinowal Trojan has been around for about two years already has some Internet security folks extra worried. Sean Brady, of security firm RSA, told the BBC:
"One of the key points of interest about this particular Trojan is that it has existed for two and a half years quietly collecting information. Any IT professional will tell you it costs a lot to maintain and to store the information it is gathering. The group behind it have made sure to invest in the infrastructure no doubt because the return and the potential return is so great."
These so called "drive-by" infections are cropping up all across the Internet, with as many as 1 in 10 sites showing some kind of malicious software risk, according to a Google estimate.
The advice from Web security experts: Think before you link. For information on more sneaky computer viruses you should watch out for, check out our round-up below [From BBC News.]