Tech | February 22, 2009 | 9 comments

Hackers barrage bank accounts

source: http://www.usatoday.com/money/industries/banking/2009-02-22-bank-accounts-hackers_N.htm

Image
Buddah_Funk
New and nasty banking trojans are on the rise on the Internet and attacking online bank accounts.
The new trojan programs — which wait on your hard drive for an opportunity to crack your online banking account — are different from traditional "phishing" e-mail scams that try to trick you into typing your login information at fake bank websites.

They're invisible, can steal data multiple ways and require no action by the victim to be launched.

"Phishing doesn't work as well as it used to," says Patrik Runald, security specialist at F-Secure, the Internet security firm. "Banking trojans provide a very effective and direct means for the bad guys to get their hands on the money."

Banking trojans can be gotten by clicking on a viral link to a greeting card or video that arrives in e-mail spam. Or, they can be picked up by clicking to a Web page that's been corrupted by hackers.

F-Secure tallied 59,177 unique banking trojans circulating on the Internet in 2008, up from 15,969 in 2007. The escalation partly underscores how intensively criminal hackers churn out new variants to escape detection by antivirus programs.

Banking trojans "are more advanced and evolving faster than antivirus solutions," says Gunter Ollmann at IBM Internet Security Systems.

The American Bankers Association acknowledges the rise. Doug Johnson, vice president of risk management policy, notes that most U.S. banks try to make certain that online customers log in from their usual computer.

Losses caused from unauthorized transactions aren't known. Banks generally don't disclose them.

A typical banking trojan remains dormant until the customer logs on to a banking website. It then steals usernames and passwords by capturing keystrokes or copying the log-on page after the victim has filled it out.

So-called man-in-the-middle trojans go further. One type makes illicit cash transfers while the victim is legitimately logged on. Another can reproduce a copy of the Web page showing account balances — except with the balances altered to show the numbers the victim expects to see. This buys time for the thief to drain the account and hide his trail, Ollmann says.

Despite the trojans, Johnson of the bankers' association insists "online banking, on balance, is safe."

-------------------------------------------------

Is online banking safe?
  1. groups:
    Community,   Tech,   U.S. News
  2. tags:
    News Current TV Tech U.S. News 2 more
  3.     
    |

9 comments // Hackers barrage bank accounts

  • oly90808
  • gldeer
    • 0
      gldeer  

    • ugh, once again the master password system prevails. When I go to my bank's web site firefox knows it's the right one and fills in my log in. You can't just put a picture of a bank logo and some log in boxes for it to auto fill. Even if a security cracker had a keystroke logger on my PC it wouldn't help them. Since firefox auto fills my log in, a key logger would only log me typing in my bank's URL and then hitting enter to log in.

      Even if they did get my bank log in details they couldn't log in to my account from their computer. My bank has a feature where it emails you a confirmation code when you log in from a new computer. So they'd have to crack my email as well to get the confirmation code so they could log in. And then once they've gone through all that trouble they'll realize I'm 50 bucks in the negative anyway so it was all for naught.

    • 2 years ago
  • standingchair
    • 0
      standingchair  

    • Doesn't anyone find it odd handing over money to a bank? I mean I can walk in any bank in my branch and hand over my check to a complete stranger to process on a screen I can't see. It doesn't sit right.

      But I digress. Keep your computer up to date with a good anti-virus NOT A FREE ANTI-VIRUS and use common sense when surfing the web and downloading. I suggest keeping p2p and other such programs on a separate computer from the one you are doing your banking on, and if you are willing to make the switch - use Linux or Unix - you'll thank yourself after a month or two.

    • 2 years ago
  • ilikeike
  • CreditFigaro
    • 0
      CreditFigaro  

    • Banking online is wayyyyyy safer than standing at an ATM in the middle of a shady area.

      This stuff can be dealt with, and it's not that volatile. Banks have to do whatever, and if there is some kind of weird thing going on with your account you are supposed to be notified... right?

    • 2 years ago
  • maisry
    • 0
      maisry  

    • I'm OK with doing online banking for every day bill paying, etc., with one limited funds account. But for the bigger stuff on my other account, I actually go inside the bank.

    • 2 years ago
  • opit
    • 0
      opit  

    • IT here routinely advises online banking is safer than the alternatives. Then again, ATM card readers have been circulating, so that may be a limited reasurrence !

    • 2 years ago
  • afishlikeme
  • islek
    • 0
      islek  

    • I think for the most part, online banking is still a relatively safe way to go. Have strong passwords and change them often, and be smart about how and when you access your account. (I personally don't have anything worth stealing anyway.)

      Oh, and don't open any greeting cards in your e-mail, apparently.

    • 2 years ago
more from Tech:
from the community

top videos