Beware of Banking Trojans

Online Threats

Criminal gangs are after your money, and a few of them may be smart enough to get it.

Banking Trojans have been around since at least 2007 and they have become part of our everyday lives. In recent months, ZeuS Trojans have targeted to Finnish banks, resulting in financial losses for hundreds of customers. The success of these trojans has been startling and similar attacks are occuring around the globe.

How does a ZeuS Trojan work?

First, a trojan has to find a computer that is not fully protected. Once it infects a PC, the malicious software sits waiting until it is activated when a customer establishes an online connection to his or her bank.

When this happened to customers in Finland, they saw a message that said, “We are sorry, there is an error and we are working to fix it.” At that point the attack is a success. Personal information provided by the customers can then be exploited and cash transfers can then begin. Often customers do not even realize that they’ve been attacked until long after the transfers are made.

F-Secure’s Labs’ Threat Research Team has been investigating banking trojan cases for more than half of a decade. F-Secure’s Security Advisor Sean Sullivan says: “While Finnish banks have excellent safeguards and protections, we should remember that some of those protections are almost 20 years old. Cyber criminals have had plenty of time to work out new strategies.”

What can we do to protect ourselves?

Here’s Sean’s advice:

1) Don’t panic. It’s a real problem, but no more so than getting your pocket picked in the real world.

2) Keep your software up to date, and uninstall that which you don’t use. (e.g., Java). We recommend F-Secure’s Internet Security 2012, of course.

3) If you feel there’s something unusual about your online banking experience, call your bank and chat with their support. They are more than happy to help you!

Cheers,

Anna

CC image by: BFS Man

Tags

Rate this article

0 votes

7 Comments

I note that F-Secure is listed as internet security software that is compatible with Rapport (http://www.trusteer.com/product/trusteer-rapport) for secure internet banking. What are F-Secure’s views on utilising this and similar offerings to supplement F-Secure itself? As these offerings communicate session information back to a server, could they themselves become a security threat (e.g. via code added by a developer employee)?

Dear Jason – any answer on this? My bank is also offering Trustee Rapport for free, and I am wondering whether I need it next to F-Secure or not.

Thank You F-Secure for posting the”Heads Up” security advice and information. I also am going to mention that I work on many computers and in by doing that you’ve gained new customers as a result of my advise to them…… thanks again and keep up the “good work”

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like