Hundreds of thousands of visitors NU.nl possibly infected with trojan

0
426

An estimated one hundred thousand visitors of the news site NU.nl would Wednesday afternoon have been infected with the Sinowal trojan. Also most anti-malware tools are not able to find the relevant trojan to remove.

That report Security.nl. Security firm Fox-IT would be via detection software that the companies running, suspicious activities have been observed in visits to the NOW.en-website. If the figures are extrapolated, would the number of estimated hundred thousand with the Sinowal malware infected systems result. According to unconfirmed reports at one company even 500 systems became infected.

Hackers knew Wednesday via the content management system of NU.nl a javascript file on the server of the site. This script got an exploit kit on a server in India. Through vulnerabilities in outdated versions of Adobe Reader and Java were then able to Windows systems, with the notorious Sinowal-trojan becoming infected.

The Sinowal trojan embeds itself in the master boot record of the hard drive. This would be for the majority of the anti-malware tools problems. The firm Surfright, who on Wednesday first reported the malware on NU.nl has a version of HitmanPro package and released as Sinowal, however, would know to remove.

Another option is to start with a bootable cd-rom or usb-stick and the ‘fix mbr’command to run. This is the boot sector re-created. A complicating factor is, however, that the new Sinowal variant, which is the stealing of banking information, checks whether the module is in the master boot record is present. If this hook by anti-malware software is removed, he is back.

Now Waarschuwingsdienst.nl a information from the Government, a report about the malware incident at Nu.nl placed. A concrete roadmap to the Sinowal malware from an infected system to remove, offers the website, however, not yet.