1 December 2011
RSA Anti-Trojan Service Reselling Data Stolen Twice
Some time back I was approached by an RSA representative regarding their
Israel based RSA Anti-Fraud Command Center and their Anti-Trojan Service,
a service targeting but obviously not limited to clients like major banks
and credit card companies.
Upon our inquiry to what the value of this service was they were more than
happy to oblige with a small sample of what information the service would
provide us; a one MB+ text file with stolen accounts and creditcard data:
Trojan Family: Zeus (version 2)
Timestamp: 4/XX/2011 3:36 PM
rtime: 4/XX/2011 11:45 PM
- Or -
...with all information available in clear text, passwords, Credit Card numbers
with full details.
It seems quite obvious that the source is from trojan "Command and Control"
that have collected the data from infected computers around the net, in this
case Zeuz Bot.
In this day and age is it good business practice to sell private and confidential
information that has been stolen and then stolen again?
Besides the fact that its hardly "Anti-Trojan", the moral implications of
this kind of business are many and on many levels, but it is nothing RSA
and its "Anti-Fraud Command Center" are shy to advertise as a "consumer"
Makes me wonder what's next? an RSA Trojan that infects and collects the
information for the service? Or perhaps thats already the case...