Experts at the Russian IT security developer, Doctor Web Company have reported Trojan inside a big Russian payment system QIWI's terminals which steals money after replacing the account number of the recipient resulting in funds being diverted straight to the attackers. Itar-tass.com published this in news on March 16, 2011.
State the experts that a malicious program called Trojan.PWS.OSMP infiltrated the OS of the terminal where it manipulated maratl.exe a legitimate process followed with modifying its memory.
Specifically, the malicious item, Trojan.PWS.OSMP infiltrated the system followed with a backdoor namely BackDoor.Pushnik that was pulled down online onto the terminals through a USB device. If successfully planted, Pushnik lets more malware to be downloaded and planted from the Internet. The backdoor conducts a search for an executable called maratl.exe within the system after which it pulls down the Trojan.PWS.OSMP malware without external help. The Trojan then alters maratl.exe in terms of its functions thereby facilitating the thieves towards tampering recipient account numbers and filching money coming into those accounts. Themoscownews.com published this on March 17, 2011.
...
