Stabuniq trojan found on servers at U.S. banks

Share this article:

An information-gathering trojan has successfully compromised servers at a number of U.S. financial institutions, according to researchers at security firm Symantec.

Researchers said that of roughly 40 IP addresses infected with the trojan, known as Stabuniq, 39 percent belong to financial institutions, mostly in Chicago and New York. The trojan apparently spreads through targeted emails or via compromised websites that serve malware through exploit kits.

"These financial institutions had their outer perimeter breached, as the trojan has been found on mail servers, firewalls, proxy servers and gateways," Symantec software engineer Fred Gutierrez wrote Thursday in a blog post

Compromises are limited because Stabuniq's creators seem to be "targeting specific people and entities," he said. The current goal of the operation appears to be reconnaissance, not fraud.

The security firm also found successful hijacks at security solutions providers – likely because they were studying the threat – and on the computers of home users.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.