Iowa State University

ITInformation Technology

Hackers Target Banking Credentials

This news item expired May 14, 2010. It may contain out-of-date information.
The latest computer virus of concern is called Torpig, also known as Sinowal or Anserin. This malicious malware affects computers running Windows and is designed to capture key strokes to gather sensitive information such as bank account and credit card information, login IDs, and passwords. You will not be able to detect Torpig on your own computer. However, sometimes network activity can be detected when the infected computer communicates with the hackers‘ computer. If this traffic is detected, ITS will send you a notification and instructions to remove the virus.

ITS continues to see a number of campus computers compromised through seemingly routine web browsing of trusted websites. The infected websites are usually cleaned quickly, but simply browsing an infected site can bring the malware into your computer. Torpig exploits outdated versions of Adobe Reader, Flash, and Java even when an updated version of an antivirus program is running. These types of attacks are not new; however, this recent wave appears to be more effective.

Action Recommended: Update Vulnerable Software
NOTE: You must log in with an administrative account before performing these recommended updates. If your computer is managed by ITS or your department, contact your support staff before attempting any updates.

Update Adobe Reader if Installed
1. Launch Adobe Reader.
2. From the Help menu, choose the option labeled "About Adobe Reader".
3. If the version displayed is 9.3.0 or higher, then you are already updated. If the version is not 9.3.0 or higher, download and install the latest version of Adobe Reader from Adobe Products - Reader.

Update Adobe Flash
1. Determine the Flash version you have installed by visiting the official About Adobe Flash Player page.
2. If your version of Flash is out of date, visit the Player Download Center link on the About Adobe Flash Player page and follow the installation instructions.
3. If you use more than one web browsing program, repeat this process with each additional browser.

Update Java
1. Determine if you have the current version of Java by visiting the Java website and clicking the link "Do I have Java?" If you do not have the current version, you will be given the opportunity to download it.
NOTE: Remove all older versions of Java before downloading the current version.
2. Click "Download Java Now" and follow the installation instructions.

Recommended Alternate Browser for Risk Reduction
Download Adblock Plus to your Firefox browser to control online advertising. More advanced users may choose to additionally install Flashblock and NoScript. This appears to reduce the risk of infection but does not eliminate the need to follow the other best practices previously listed.

IT Security Incident Reporting Policy