When Trojans Go Phishing – 500,000 users already infected

Finjan released a report on Tuesday detailing how new Crimeware (Crime Software) is being used to steal banking customer data from infected PCs.

During July 2007, Finjan has identified 58 criminals using the MPack toolkit who have successfully infected over 500,000 unique users. The infection ratio stands at 16% from 3.1 million attempts – indicated by the web traffic volumes of the infecting sites. Finjan’s analysis indicates that the crimeware being used within MPack steals bank account information, such as user name, password, credit card number, social security number etc., in a creative way.

The crimeware is capable of stealing account information from several banks around the world without leaving any traces behind. Stolen data is being sent to the criminals over a secure communication channel (SSL) to avoid detection. Users whose machines were infected by this crimeware will not notice any change to their normal PC and online browsing experience.