Hi, this is Greg from Arlington, VA. I wanted to share some information with you folks that use social networking regarding the threat of Identity Theft and your on-line banking account.

It appears that over 500,000 online bank accounts and credit and debit cards have been compromised by a virus described as "one of the most advanced pieces of crimeware ever created". The Sinowal Trojan as it is called, has been tracked by the British security division of EMC, RSA FraudAction Research Lab, which helps to secure networks in Fortune 500 companies.

RSA FraudAction Research Lab has discovered log-in information for about 300,000 online bank accounts and 250,000 credit and debit card accounts that have been gathered by a cybercrime gang over the past three years using the Sinowal Trojan.

The Big Problem

RSA described Sinowal as "one of the most serious threats to anyone with an internet connection," because it works behind the scenes using a common infection method known as "drive-by downloads".

According to Microsoft, Drive-by downloading is a catch-all name for software downloaded on your computer without your knowledge or intervention. Drive-by downloading is different than phishing, which misleads users by using authentic-appearing sites that deceive users into entering sensitive information, and different than pop-ups, which fool users into agreeing to download software. Drive-by downloads sneak onto computers without the user’s knowledge or permission.

RSA said the trojan virus has infected computers all over the planet. Sinowal has been constantly updated with new variants.

See Full Report Here

In April 2007, researchers at Google discovered hundreds of thousands of web pages that initiated drive-by downloads. It estimated that one in ten of the 4.5 million pages it analysed were suspect. Sophos researchers reported in 2008 it was finding more than 6,000 newly infected web pages every day, or about one every 14 seconds.

Organized Cybercrime Gangs

RSA said the worrying aspect about Sinowal is that it has been operating for so long. One of the key points of interest about this particular trojan is that it has existed for two and a half years quietly collecting information. Any IT professional will tell you it costs a lot to maintain and to store the information it is gathering.

The group has been able to use the web to cloak its identity.

Remedies

Under normal circumstances, using caution and common sense goes a long way. Most of us are familiar with the term "think before you link." In other words, be wary of clicking on anything in a high traffic site like social networks. Also, it pays to observe the url displayed in the link and put it in the address line to connect.

But with this trojan, just surfing the site may allow your computer to become infected. So, in addition to common sense measures,

• Install the latest version of your browser, e.g., Internet Explorer 7, Firefox 3, etc.
• Keep anti-virus programs up to date and regularly scan your machine for malicious software, at least weekly - daily is better.
• Carefully monitor online bank accounts for suspicious activity. RSA urges users to be wary if different forms of authentication such as a social security number or other details are asked for by their "bank."
• Consider an Identity Monitoring and Restoration product to represent you if you become a victim.

RSA said it is co-operating with banks and financial institutions the world over to tell them about Sinowal. It also has passed information about the virus to law enforcement agencies.

If you would like additional information on Identity Theft Protection, please visit our web site.