Computers at a majority of Canada’s big banks are infected with a malicious computer worm capable of logging keystrokes and stealing passwords, an Ottawa security firm has warned.
Defence Intelligence Inc. said Monday it has been monitoring the worm dubbed Mariposa for five months and has watched it spread to machines at more than 50 of the top 100 Fortune 500 companies as well as Canada’s banks.
The Canadian Bankers Association said it is aware of the worm, which it believes has done little if any damage.
But Christopher Davis, chief executive officer of Defence Intelligence, called Mariposa “a highly sophisticated piece of malicious software” that appears to be very selective in its targets.
“We’ve detected compromised behaviour from hundreds of government agencies, financial institutions, universities and corporate networks worldwide, but surprisingly few home users,” he said.
Mr. Davis said his team of 11 employees stumbled across the worm while monitoring routine Internet traffic in May.
They noticed packets that seemed to be coming from a well known financial institution reporting back to servers in Israel and Germany. Further inspection revealed the packets were coming from a malicious software program designed to steal information from banks, government and other financial institutions.
Most computer worms spread through infected e-mails or websites that take advantage of a specific software vulnerability within a computer’s web browser. According to Mr. Davis, Mariposa spreads through USB keys, MSN Messenger and a weakness in corporate networking software. He said the worm has been infecting more than 7,000 computers a day.
Andrew Addison, spokesman for the Canadian Bankers Association, said Mariposa has not breached the sophisticated security systems in place to protect customers’ personal and financial information.
“Banks are aware of this malicious software and, based on discussions last week with a number of banks, there has been little-to-no-impact from it at all,” he said.
Still, banks are working to eliminate the worm, Mr. Addison said.
Mr. Davis said the worm is particularly scary because it originated in a “kit” sold online for 700 euros by a hacker who wrote the basis for the code. Defence Intelligence believes as many as 10 copies of the kit have been sold, with buyers using the source code to create more than 70 variants of Mariposa so far.
(Canada)