IT Professionals

Malware Faking Online Bank Statements

Posted by on Oct 2, 2009 | 2 Comments

As if we did not have enough malware and phishing concerns these days. This latest report on a security threat that all platform users might want to keep an eye on is rather disturbing. Apparently there is now malware out there that will go so far as to fabricate a fake page representing your latest bank statement from your bank’s Web site. Scary, huh? What makes this whole thing so frightening is just how long it may take some people to realize that they have been hit in the first place.

So how are people being infected with this malware? Apparently it can happen in various browsers when the end user ends up visiting Web sites infected by a Trojan known as URLZone. To make matters worse, it seems that both legitimate and criminal based Web sites are showing up as affecting individual users.

How does it work exactly? According to the linked article above, the basic idea is that once a victim is infected by the Trojan, the user’s login credentials are grabbed by the malware then contacts a computer overseas for the instructions on what to do next.

Now at this point, I know that I find myself asking what could be the best defense against something like this? Honestly, based on the fact that these kinds of attacks can be hidden in so many ways, I don’t have an easy answer. Best bet is to be on constant guard and when in doubt, double check things closely while keeping your browser settings as secure as possible.

[awsbullet:malware virus phishing security]

  • http://www.khurt.com/blog/ Khürt Williams

    With the current problems TD Bank customers are facing extra caution is needed.

  • http://www.goretsky.com/ Aryeh Goretsky

    Hello,

    At work, I was asked to give some recommendations on how to avoid this malware, which has been used to target a German bank. Here they are:

    Keep all operating systems, web browsers and application software up-to-date with the manufacturer’s latest patches to reduce the number of exploitable vulnerabilities on the computer system.
    Do not login to the system as an Administrator unless performing maintenance, installing software and so forth. Criminals use software exploits to give their malicious creations the permissions of the currently logged in user. By logging in as a Standard User, with the least amount of privileges required to get work done, you greatly reduce the likelihood that the operating system, web browser or an application getting compromised results in a successful exploitation.
    Consider installing and using a separate web browser—one with low market share—for banking transactions. Attackers have limits, too, and will create attacks the most commonly used tools, since this providers greater ROI.
    Consider blocking all advertisements and disabling scripting globally (and then enabling as needed on a per-site basis). Malware like this banking Trojan are often injected via malicious advertisements purchased via stolen credit cards or by modifying the pages of compromised web sites to “inject” the program into the user’s computer. Disabling these helps improve the security of the user’s browsing session.
    Run antivirus software to detect malicious threats. (“‘Nuff Said.” – Stan Lee)

    Although it hasn’t been seen in the US yet, as far as I know, it is still a good idea to be cautious when online banking.

    Regards,

    Aryeh Goretsky