Security researchers from Symantec have identified an information-stealing Trojan program that was used to infect computer servers belonging to several U.S. financial institutions.
Dubbed Stabuniq, the Trojan program was found on mail servers, firewalls, proxy servers, and gateways belonging to U.S. financial institutions, including banking firms and credit unions, Symantec software engineer Fred Gutierrez said Friday in a blog post.
“Approximately half of unique IP addresses found with Trojan.Stabuniq belong to home users,” Gutierrez said. “Another 11 percent belong to companies that deal with Internet security (due, perhaps, to these companies performing analysis of the threat). A towering 39 percent, however, belong to financial institutions.”
Based on a map published by Symantec showing the threat’s distribution in the U.S., the vast majority of systems infected with Stabuniq are located in the eastern half of the country, with heavy concentrations in the New York and Chicago areas.
Compared to other Trojan programs, Stabuniq infected a relatively small number of computers, which seems to suggest that the authors might have targeted specific people and organizations, Gutierrez said.
The malware was distributed using a combination of spam emails and malicious websites that hosted Web exploit toolkits. Such toolkits are commonly used to silently install malware on Web users’ computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player, Adobe Reader, or Java.
Once installed, the Stabuniq Trojan program collects information about the compromised computer, like its name, running processes, OS and service pack version, and assigned IP (Internet Protocol) address, and sends this information to command-and-control (C&C) servers operated by the attackers.
“At this stage we believe the malware authors might simply be gathering information,” Gutierrez said.