Symantec researchers are warning of a Trojan called Stabuniq, which appears to be specifically targeting U.S. financial institutions.
"Researchers said that of roughly 40 IP addresses infected with the Trojan ... 39 percent belong to financial institutions, mostly in Chicago and New York," writes SC Magazine's Dan Kaplan. "The Trojan apparently spreads through targeted emails or via compromised websites that serve malware through exploit kits."
"Once installed, the Stabuniq Trojan program collects information about the compromised computer, like its name, running processes, OS and service pack version, assigned IP (Internet Protocol) address and sends this information to command-and-control (C&C) servers operated by the attackers," writes Computerworld's Lucian Constantin. "'At this stage we believe the malware authors may simply be gathering information,' [Symantec] said."
"On the surface, this theft seems relatively benign, and Stabuniq is fairly easily removed and blocked once it is discovered," writes Ars Technica's Sean Gallagher. "But it could be just a proof-of-concept for another attack in preparation for deployment of a much more malignant set of code."