Security Advisory
DBS iBanking: Trojan alert (Torpig, Mebroot or Sinowal)
It has come to our attention on a Trojan circulating in the Internet, targeting Internet Banking site.
This Trojan will phish customer ID, PIN and at times, one time password whenever a customer visit an Internet Banking sites. This variant of Trojan goes by the name Torpig, Mebroot or Sinowal. Please ensure that your machine is loaded with the latest patches and AntiVirus signature updates before you visit any Banking sites.
The following list of AntiVirus software is known to be able to detect and quarantine this Trojan variant.
| AntiVirus |
Version |
Signature date |
Virus name detected |
| a-squared |
4.5.0.24 |
2009.10.02 |
Win32.SuspectCrc!IK |
| AntiVir |
7.9.1.27 |
2009.10.02 |
Sinowal.ffv |
| Antiy-AVL |
2.0.3.7 |
2009.10.02 |
Backdoor/Win32.Sinowal.gen |
| Authentium |
5.1.2.4 |
2009.10.02 |
W32/Backdoor2.FRFE |
| AVG |
8.5.0.420 |
2009.10.02 |
BackDoor.Generic11.AUTR |
| BitDefender |
7.2 |
2009.10.03 |
Trojan.Generic.2415597 |
| CAT-QuickHeal |
10.00 |
2009.10.01 |
Backdoor.Sinowal.ffv |
| Comodo |
2495 |
2009.10.03 |
Backdoor.Win32.Sinowal.ffv |
| F-Prot |
4.5.1.85 |
2009.10.02 |
W32/Backdoor2.FRFE |
| F-Secure |
8.0.14470.0 |
2009.10.02 |
Trojan:W32/Mebroot.gen!B |
| Fortinet |
3.120.0.0 |
2009.10.03 |
W32/Agent.KZO!tr |
| GData |
19 |
2009.10.03 |
Trojan.Generic.2415597 |
| Ikarus |
T3.1.1.72.0 |
2009.10.02 |
Win32.SuspectCrc |
| K7AntiVirus |
7.10.858 |
2009.10.01 |
Trojan.Win32.Malware.1 |
| Kaspersky |
7.0.0.125 |
2009.10.03 |
Backdoor.Win32.Sinowal.ffv |
| McAfee |
5759 |
2009.10.02 |
PWS-JA!d |
| McAfee+Artemis |
5759 |
2009.10.02 |
PWS-JA!d |
| McAfee-GW-Edition |
6.8.5 |
2009.10.02 |
Trojan.Backdoor.Sinowal.ffv |
| Microsoft |
1.5101 |
2009.10.02 |
Trojan:Win32/Meredrop |
| NOD32 |
4477 |
2009.10.02 |
a variant of Win32/Mebroot.CF |
| nProtect |
2009.1.8.0 |
2009.10.02 |
Backdoor/W32.Sinowal.348160.AU |
| Panda |
10.0.2.2 |
2009.10.02 |
Trj/CI.A |
| Prevx |
3.0 |
2009.10.03 |
Medium Risk Malware |
| Sophos |
4.45.0 |
2009.10.02 |
Troj/Agent-KZO |
| Symantec |
1.4.4.12 |
2009.10.03 |
Trojan.Mebroot |
| TheHacker |
6.5.0.2.027 |
2009.10.02 |
Backdoor/Sinowal.ffv |
| TrendMicro |
8.950.0.1094 |
2009.10.02 |
TROJ_SINOWAL.FT |
| VBA32 |
3.12.10.11 |
2009.10.03 |
Backdoor.Win32.Sinowal.ffv |
| VirusBuster |
4.6.5.0 |
2009.10.02 |
Trojan.DL.Sinowal.Gen.13 |
Important - If you have visited this fake website and you have filled in your particulars, please contact DBS immediately by calling our DBS Customer Service Centre at 1800-111-1111 to re-set your DBS iBanking User ID and PIN. You will be attended to by our experienced DBS staff. Once again, DBS will never ask you to verify any personal information by email.
If you need any assistance or require any clarifications, please call our Customer Service Center at 1800-111-1111.
What is Phishing?
When a bogus organisation goes 'Phishing' (pronounced 'fishing'), it is attempting to illegally obtain sensitive personal information from you, e.g. your user ID, password, bank account numbers, credit card numbers etc. They will then use the information you have provided to access your account for illegal purposes, e.g. commit credit card fraud with the credit card numbers that you have mistakenly provided to the 'phishing' individual or organisation.
How is Phishing usually done?
Common techniques that are used by the phishing fraudsters include, but are not limited, to the following:
- Using false email addresses, logos, and graphics to mislead you into accepting the validity of the emails and web sites;
- Faking domain names to appear as it they represent us;
- Duping you into providing personal details through one or more methods, such as hyperlinks to fake websites or embedded forms in emails.
For example, you may receive an email that claims to be from DBS that asks you to click on a link to a website within the email to update certain sensitive information for certain reasons. When you click on the link, you will be directed to a particular web site that may look exactly like ours where you will be asked to enter sensitive information. Emails like these may look quite sophisticated and even carry our logos. However, do not trust them.
As a matter of security, DBS Bank will never send you an email asking you to update your personal information.
How come the Bogus Web Site looks EXACTLY like your DBS iBanking site?
It is relatively simple to make a Web site look exactly like a legitimate organisation's site by merely duplicating what is available from the Internet.
How can I prevent myself from being 'phished'?
Do not follow any link(s) within a suspicious email to the DBS iBanking web site. Because it is our policy to never request account holders through email to update your personal account information, please note that any emails that request for your information in this manner is definitely bogus.
Below are some other steps that you can take to prevent yourself from being a victim of a 'phishing'; scam:
- Always enter the full URL for DBS iBanking into your browser address bar.
- Never reveal your PIN to anyone. No staff of DBS Bank should ever ask you for your PIN under any circumstances.
- If you get an email that warns you that a DBS/POSB account of yours will be shut down unless you reconfirm your personal information, do not reply or click on the link in the email. Never click on a link in an email that prompts you to login with your DBS iBanking User ID and PIN. Always type in the actual URL of the DBS iBanking website into your browser.
- Avoid emailing personal and financial information. Before submitting financial information through a Website, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission. DBS will never solicit personal and financial information from you via a form or forms in an email.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorised charges. If your credit card and/or bank statements are late by more than a couple of days, please call our Credit Card Service Centre. You can also call to confirm your billing address and account balances.
Should I report a bogus Phishing site or suspicious email?
We would appreciate it greatly if you do. If you suspect that you are being phished, please feel free to contact us at our Customer Service Centre to notify us. Your report will help us identify phishing websites that seek to target DBS and our valued customers like yourself. In addition, this information will help us publish and maintain a list of these fraudulent sites so that other users will be warned.