A new spam campaign has just been launched over the weekend by the emergence of a trojan capable of stealing passwords attached to a genuine Microsoft Windows update.
A new spam campaign has just been launched over the weekend by the emergence of a trojan capable of stealing passwords attached to a genuine Microsoft Windows update.
Security vendor Kaspersky Lab claims the Trojan-PSW.Win32.Sinowal.u trojan belongs to a new generation of trojans that are growing strongly. Sinowal's trojan line was officially discovered at the end of last year, spreading primarily through attachment to dangerous websites. The origin of this dangerous software line is from Russia.
If the user accesses a site while their operating system and browser are not installed with reasonable patches, this malware will automatically install on their system and steal the information. believe people like online bank accounts .
Picture 1 of Trojans appear fake Microsoft patch In this latest spam campaign this trojan uses email addresses originating from Germany. No longer relying on websites to attack, Soniwal's latest version tries to trick users into installing them by attaching itself to a genuine Microsoft update patch.
Kaspersky said the author of the malware decided to switch tactics via email due to concerns about the success of the browser-exploiting method.
Sinowal trojan is also a kind of man-in-the-middle malware. If users connect online banking account websites via Secure Sockets Layer (SSL) security protocol, Sinowal still has the ability to insert HTML code to generate a pop-up window that requires users. must enter account and password. This trojan has been programmed to be able to react to the bank's web interactions.
Contrary to other types of malware, this trojan sends directly the information it receives back to its owner instead of storing this information on a server. It also has the ability to automatically update to the latest version.
Users are advised to update the operating system and security software to avoid being attacked.