Stimulus packages, stock brokers and Trojans, Oh My!
March 3rd, 2009

‘Follow the money.’ With the recent stock market volatility creating interest and opportunity for savvy investors, the lure of all that money is also attracting the attention of malware writers.
Michael Kassner, the Manager of IT for Getinge LaCalhene and a well-certified IT professional, recently ran into a piece of malware with a twist. Called Tigger/Syzor, it appeared on the PC of a friend of Michael’s who is a day trader and deals with companies like E-Trade, ING Direct, Vanguard, Options Xpress, TD Ameritrade and Scottrade.
Guess what? Tigger/Syzor likes the same friends: it is a rootkit-based, password-stealing Trojan that stays active even in Safe Mode and that targets day traders. Michael was able to use tools like Malwarebytes Anti-Malware (MBAM) to find and remove some files that were identified as malware, but ultimately he went with a full clean reinstall of the operating system and all applications just to be sure. That was the right call: once a rootkit is hiding files and processes from the operating system, no scanner running on that same system can credibly report it clean.
The day trader does keep his computer up to date with patches and program updates, so what else could he have done? How about running in a virtual environment? With tools like VMware Server being offered for free and giving you the ability to run an isolated second complete copy of the operating system and programs, he could have run the tools that are critical to his job in one virtual machine and done his research (web browsing) in a second. This isolates the two roles so that if the browsing machine gets infested he can simply roll it back to a previous snapshot without the infection and continue running with only a few minutes of downtime instead of a panic-filled weekend. Two caveats: the separation only holds if the trading machine is never used for browsing or mail, and the host operating system underneath both guests has to stay clean too, because a compromised host can see everything the guests type.
He would even be able to turn off the day-trading virtual machine after the markets close and let his kids (I don’t know if he has any; just speculating) use a separate, dedicated, kids-only virtual machine that is locked down and set to discard all changes when it is rebooted. This may require that a few additional Windows licenses be purchased, and a little discipline not to get lazy and browse from the critical virtual machine, but as they say, an ounce of prevention is worth a pound of cure. The day-trading tools he uses also have to run in a virtualized environment and be supported by the vendor when run that way.
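The two-VM discipline described above, as an added example that is not from the original post: a small POSIX shell wrapper around VMware's vmrun command. The VM directory layout (/vms/NAME/NAME.vmx), the VM names (browsing, trading), the snapshot name (clean) and the product type passed to -T are all assumptions, and VMware Server's vmrun additionally needs host and credential flags that are not shown here. It covers the three operations that matter: a disposable browsing VM that reverts to its clean snapshot on every launch, re-blessing the trading VM's snapshot after a patch cycle so a later rollback does not undo the updates, and the rollback itself.

```shell
#!/bin/sh
# Added example (not from the post): a vmrun wrapper that encodes the
# two-VM discipline.  VM_DIR, VM_TYPE, the VM names and CLEAN_SNAP are
# assumptions; "-T server" also needs -h/-u/-p flags that are not shown.

VM_DIR="${VM_DIR:-/vms}"            # assumed layout: /vms/<name>/<name>.vmx
VM_TYPE="${VM_TYPE:-ws}"            # vmrun -T: ws (Workstation), server, player
CLEAN_SNAP="${CLEAN_SNAP:-clean}"   # assumed name of the known-good snapshot

# Every VMware call goes through here so VMRUN can point at another binary.
vm_cmd() { "${VMRUN:-vmrun}" -T "$VM_TYPE" "$@"; }

vmx_path() { printf '%s/%s/%s.vmx\n' "$VM_DIR" "$1" "$1"; }

# Disposable VM (web research, the kids): every launch reverts to the clean
# snapshot first, so whatever was picked up last session is thrown away.
start_disposable() {
    vmx=$(vmx_path "$1")
    vm_cmd revertToSnapshot "$vmx" "$CLEAN_SNAP"
    vm_cmd start "$vmx" nogui
}

# Trusted VM (trading tools): boot it as it is.  It is never reverted
# automatically, because its clean snapshot must track applied patches.
start_trusted() {
    vm_cmd start "$(vmx_path "$1")" nogui
}

# Run right after a patch cycle, while the trusted VM is still known-good:
# replace the clean snapshot so a later rollback does not undo the updates.
bless_trusted() {
    vmx=$(vmx_path "$1")
    if vm_cmd listSnapshots "$vmx" | grep -qx "$CLEAN_SNAP"; then
        vm_cmd deleteSnapshot "$vmx" "$CLEAN_SNAP"
    fi
    vm_cmd snapshot "$vmx" "$CLEAN_SNAP"
}

# Incident response: power off hard (a compromised guest gets no orderly
# shutdown) and fall back to the last blessed snapshot.
rollback_trusted() {
    vmx=$(vmx_path "$1")
    if vm_cmd list | grep -qF "$vmx"; then
        vm_cmd stop "$vmx" hard
    fi
    vm_cmd revertToSnapshot "$vmx" "$CLEAN_SNAP"
}

main() {
    case "${1:-}" in
        browse)   start_disposable "${2:-browsing}" ;;
        trade)    start_trusted    "${2:-trading}" ;;
        bless)    bless_trusted    "${2:-trading}" ;;
        rollback) rollback_trusted "${2:-trading}" ;;
        *) echo "usage: $0 browse|trade|bless|rollback [vm-name]" >&2; return 2 ;;
    esac
}

# Dispatch only when invoked with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Daily use is `./vm.sh browse` before research and `./vm.sh trade` before the markets open; `./vm.sh bless` belongs at the end of a patch day, and `./vm.sh rollback` is the Saturday-morning button instead of a weekend reinstall. Note that reverting the trading VM to a snapshot loses whatever was typed into it after that snapshot, so the snapshot should follow patches and tool updates, not trading sessions.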
A second thing this day trader should do is run his home network like a corporate network, with similar hardware (http://www.firewallshop.com) and protective measures in place. I’d hazard a guess that he is running a consumer-level firewall (with unprotected wireless turned on too, I’d bet) that acts as a one-way valve using Network Address Translation (NAT) and very little else. NAT stops unsolicited inbound connections, but it does nothing about a Trojan that is already inside and phoning home over ordinary outbound web connections.
He makes his living by day trading, so treat this network like the office it is and install a corporate-level firewall like a FortiGate that does layer 7 anti-virus scanning at the edge. With the recent introduction of the FortiGate 30B Bundle, the price of a very capable corporate-level firewall has dropped to the $500 range, including one year of updates and basic support. Edge scanning is one more layer rather than a cure (it cannot look inside encrypted SSL sessions, for instance), so keep the virtual machine separation as well. When your livelihood depends on trading thousands of dollars daily, doesn’t it make sense to protect your investment and passwords with an enterprise-level firewall?
References:
Tigger.A: Sophisticated trojan that likes stockbrokers (TechRepublic): http://blogs.techrepublic.com.com/security/wp-trackback.php?p=960
Michael Kassner (TechRepublic): http://techrepublic.com.com/5213-6257-0.html?id=4730583
FortiGate 30B (firewallshop.com): http://www.firewallshop.com/detail.aspx?ID=257
Entry Filed under: Botnets, Online Scams, Phishing