SAP users warned over security flaws exploited by banking Trojan

Critical vulnerabilities in SAProuter, the SAP module used to connect users of the enterprise resource planning (ERP) software with SAP’s update services, could be compromising their security, according to Alexander Polyakov, chief technology officer of ERPScan.

According to Polyakov, there are around 5,000 instances of SAProuter connected to the internet (based on the SAP Security in Figures 2013 report) and theoretically capable of taking a connection. Although SAP belatedly issued a patch for the application 6 months ago, about 85 per cent of the instances scanned by ERPScan remain unpatched.

The issue has gained added urgency since anti-virus software vendors spotted a new version of the old Trojan.iBank malware that is capable of scanning for the existence of SAP software on client PCs within organisations.