Stabuniq trojan found on servers at U.S. banks

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.scmagazine.com/stabuniq-trojan-found-on-servers-at-us-banks/article/273616/

An information-gathering trojan has successfully compromised servers
at a number of U.S. financial institutions, according to researchers
at security firm Symantec.

Researchers said that of roughly 40 IP addresses infected with the
trojan, known as Stabuniq, 39 percent belong to financial
institutions, mostly in Chicago and New York. The trojan apparently
spreads through targeted emails or via compromised websites that serve
malware through exploit kits.

"These financial institutions had their outer perimeter breached, as
the trojan has been found on mail servers, firewalls, proxy servers
and gateways," Symantec software engineer Fred Gutierrez wrote
Thursday in ablog post.

Compromises are limited because Stabuniq's creators seem to be
"targeting specific people and entities," he said. The current goal of
the operation appears to be reconnaissance, not fraud.

The security firm also found successful hijacks at security solutions
providers – likely because they were studying the threat – and on the
computers of home users.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.