Beware of Banking Trojans
Anna
January 25, 2012
0 votes
Criminal gangs are after your money, and a few of them may be smart enough to get it.
Banking Trojans have been around since at least 2007 and they have become part of our everyday lives. In recent months, ZeuS Trojans have targeted to Finnish banks, resulting in financial losses for hundreds of customers. The success of these trojans has been startling and similar attacks are occuring around the globe.
How does a ZeuS Trojan work?
First, a trojan has to find a computer that is not fully protected. Once it infects a PC, the malicious software sits waiting until it is activated when a customer establishes an online connection to his or her bank.
When this happened to customers in Finland, they saw a message that said, “We are sorry, there is an error and we are working to fix it.” At that point the attack is a success. Personal information provided by the customers can then be exploited and cash transfers can then begin. Often customers do not even realize that they’ve been attacked until long after the transfers are made.
F-Secure’s Labs’ Threat Research Team has been investigating banking trojan cases for more than half of a decade. F-Secure’s Security Advisor Sean Sullivan says: “While Finnish banks have excellent safeguards and protections, we should remember that some of those protections are almost 20 years old. Cyber criminals have had plenty of time to work out new strategies.”
What can we do to protect ourselves?
Here’s Sean’s advice:
1) Don’t panic. It’s a real problem, but no more so than getting your pocket picked in the real world.
2) Keep your software up to date, and uninstall that which you don’t use. (e.g., Java). We recommend F-Secure’s Internet Security 2012, of course.
3) If you feel there’s something unusual about your online banking experience, call your bank and chat with their support. They are more than happy to help you!
Cheers,
Anna
CC image by: BFS Man
I note that F-Secure is listed as internet security software that is compatible with Rapport (http://www.trusteer.com/product/trusteer-rapport) for secure internet banking. What are F-Secure’s views on utilising this and similar offerings to supplement F-Secure itself? As these offerings communicate session information back to a server, could they themselves become a security threat (e.g. via code added by a developer employee)?
Good questions, Paul. Passing this on to see if we can get you an answer.
Dear Jason – any answer on this? My bank is also offering Trustee Rapport for free, and I am wondering whether I need it next to F-Secure or not.
Sorry, I’m not sure. Our Customer Care team can answer that for you: http://www.f-secure.com/en/web/home_global/support/contact
Thank You F-Secure for posting the”Heads Up” security advice and information. I also am going to mention that I work on many computers and in by doing that you’ve gained new customers as a result of my advise to them…… thanks again and keep up the “good work”
[…] we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver Zeus or GOZ Trojan, which initially began […]
[…] we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began […]