zundel

Tuesday 52

This is your bank account on Windows

malware hazard

Read this:

Sold a Lemon in Internet Banking Krebs on Security

An online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership illustrates the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many banks.

The controller didn’t know it at the time, but thieves had already compromised his Microsoft Windows PC with a copy of the ZeuS trojan, which allowed them to monitor his computer and log in to the company’s bank account using his machine.

To me, this attack gets to the heart of why these e-banking thefts continue unabated at banks all over the country every week […]
If a bank’s system of authenticating a transaction depends solely on the customer’s PC being infection-free, then that system is trivially vulnerable to compromise in the face of today’s more stealthy banking trojans.

[…] some of the techniques being folded into today’s banking trojans can defeat many of the most advanced client-side authentication mechanisms in use today.

from the author’s comment:

My advice? If you’re operating a business/commercial account and you’re banking online via anything but a Mac, a Live CD, or at the very least a dedicated PC, you’re playing with fire.

New Financial Trojan Keeps Online Banking Sessions Open after Users “Logout”

[…] a new type of financial malware with the ability to hijack customers’ online banking sessions in real time using their session ID tokens. […] keeps sessions open after customers think they have “logged off”’, enabling criminals to extract money and commit fraud unnoticed.

[…] it is designed to intercept user communications through the browser. It uses this ability to steal/inject information and terminate user sessions inside Internet Explorer and Firefox.

By tapping the session ID token […] the fraudsters can electronically impersonate the legitimate user and complete a range of banking operations.

Your anit-virus and anti-malware software may not catch this.

My advice:
Use a teller or a secure system (that means Linux).

Advertisements

1 Comment »

  1. […] This is your bank account on Windows (zundel.wordpress.com) […]

    Pingback by Be Alert Be Secure « Palak Mathur — Friday 125 @ am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: