Trojan
is still at large and may strike again, experts war
Cyber criminals have raided the accounts of thousands of British internet bank customers in one of the most sophisticated attacks of its kind.
The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people.
The internet security experts M86, who uncovered the scam, estimate that at least £675,000 has been illegally transferred from the UK in the last month - and that the attacks are still continuing.
Out of action: The new trojan virus can empty bank accounts without their owners knowing about the theft as it shows them fake statements
All the victims were customers with the same unnamed online bank, the
company said.
company said.
Last night online banking customers were urged to make sure their
anti-virus software was up to date - and to check for any missing sums
from their accounts.
anti-virus software was up to date - and to check for any missing sums
from their accounts.
The attack has been traced to a 'control and command' centre in
Eastern Europe. However, the nationality of the cybercriminals is
unknown.
Eastern Europe. However, the nationality of the cybercriminals is
unknown.
TROJAN PROTECTION TIPS
- Make sure your anti-virus software is up to date.
- Keep firewalls set to the highest level.
- Never open an e-mail attachment from someone you don't know.
- Never double-click on an e-mail attachment that ends in .exe. It is an 'executable' file and can do what it likes in your system.
- If you think your machine has already been infected, contact your bank immediately. If the bank thinks you are a genuine victim of fraud it will reimburse you.
The attacks were carried out when hundreds of thousands of home
computers were infected with a type of harmful computer code called a
Trojan.
computers were infected with a type of harmful computer code called a
Trojan.
Trojans hide in websites, emails or downloads. Once installed on a
computer they can record every type of the keyboard, steal confidential
information or even open up a PC's security so that it can be
controlled remotely from another country.
computer they can record every type of the keyboard, steal confidential
information or even open up a PC's security so that it can be
controlled remotely from another country.
The latest attack involved a Trojan called Zeus v3 which hides inside
adverts on legitimate websites.
adverts on legitimate websites.
Once installed on a home computer, the programme waits until the user
visits their online bank and then secretly records their account
details and passwords - using the information to transfer between £1,000
and £5,000 to other bank accounts.
visits their online bank and then secretly records their account
details and passwords - using the information to transfer between £1,000
and £5,000 to other bank accounts.
The attacks began on July 5 and are still progressing, according to
Ed Rowley, product manager at M86.
Ed Rowley, product manager at M86.
'In the vast majority of cases, if people had kept their computer's
operating systems and software such as Internet Explorer up to date they
would not have been attacked,' he said.
operating systems and software such as Internet Explorer up to date they
would not have been attacked,' he said.
'More often than not Trojans exploit known vulnerabilities that can
be simply patched and fixed by downloading updates.'
be simply patched and fixed by downloading updates.'
McAfee, the security software maker, said production of software code
known as malware, which can harm computers and steal user passwords,
reached a new high in the first six months of 2010.
known as malware, which can harm computers and steal user passwords,
reached a new high in the first six months of 2010.
It said total malware production continued to soar and 10 million new
pieces of malicious code were catalogued.
pieces of malicious code were catalogued.
It also warned users of Apple's Mac computers, considered relatively
safe from virus attacks, that they may also be subjected to malware
attacks in the future.
safe from virus attacks, that they may also be subjected to malware
attacks in the future.
'For a variety of reasons, malware has rarely been a problem for Mac
users. But those days might end soon,' a spokesman said.
users. But those days might end soon,' a spokesman said.
THE RISING THREAT OF TROJAN ATTACKS
Attacks by ‘Trojan viruses’ are on the rise in Britain.
Although up-to-date anti-virus software should prevent an attack, experts say an alarming number of people leave their computers vulnerable to cybertheft.
Trojans are malicious programmes that hide inside apparently harmless computer files.
They can lurk on websites, online adverts or hitch a lift in emails.
The Zeus v3 Trojan involved in the latest attacks hides in adverts that appear on legitimate websites.
Each time someone clicks on the advert, the code is downloaded to their home computer where it lies dormant.
The code only becomes active when the computer connects to a bank website when it starts to record account details, passwords and other confidential information.
It checks to see if the account holds enough cash and then transfers up to £5,000 to a ‘mule’ account - a legitimate bank account held by a real customer.
Owners of these mule accounts operate on the edge of the law and agree to transfer sums they receive to someone else, after taking a cut.
By the time the police have investigated a Trojan attack, the recipient of the money has usually vanished without trace.
Security experts say it is relatively easy to protect against Trojan attacks by installing anti-virus software and keeping it up to date.
Computer owners should also make sure they have downloaded any updates of their operating software - usually Windows - and other programmes such as Internet Explorer, Firefox and Adobe.
People should also be alert to junk emails that pretend to be from banks, the Inland Revenue or online shops like Amazon and Ebay.
The emails invite the unwary to click on a link to a webpage containing a Trojan.
Although up-to-date anti-virus software should prevent an attack, experts say an alarming number of people leave their computers vulnerable to cybertheft.
Trojans are malicious programmes that hide inside apparently harmless computer files.
They can lurk on websites, online adverts or hitch a lift in emails.
The Zeus v3 Trojan involved in the latest attacks hides in adverts that appear on legitimate websites.
Each time someone clicks on the advert, the code is downloaded to their home computer where it lies dormant.
The code only becomes active when the computer connects to a bank website when it starts to record account details, passwords and other confidential information.
It checks to see if the account holds enough cash and then transfers up to £5,000 to a ‘mule’ account - a legitimate bank account held by a real customer.
Owners of these mule accounts operate on the edge of the law and agree to transfer sums they receive to someone else, after taking a cut.
By the time the police have investigated a Trojan attack, the recipient of the money has usually vanished without trace.
Security experts say it is relatively easy to protect against Trojan attacks by installing anti-virus software and keeping it up to date.
Computer owners should also make sure they have downloaded any updates of their operating software - usually Windows - and other programmes such as Internet Explorer, Firefox and Adobe.
People should also be alert to junk emails that pretend to be from banks, the Inland Revenue or online shops like Amazon and Ebay.
The emails invite the unwary to click on a link to a webpage containing a Trojan.
'Our latest threat report depicts that malware has been on a steady
incline in the first half of 2010,' Mike Gallagher, chief technology
officer of Global Threat Intelligence for McAfee, said in the report
that was obtained by Reuters.
incline in the first half of 2010,' Mike Gallagher, chief technology
officer of Global Threat Intelligence for McAfee, said in the report
that was obtained by Reuters.
The internet security company has passed on details of the attacks to
the UK Police Central E-Crime Unit in London.
the UK Police Central E-Crime Unit in London.
Britain's high street banks declined to comment on the attacks, but
urged customers to protect themselves from virus attacks.
urged customers to protect themselves from virus attacks.
A spokesman for HSBC said: 'There are millions of viruses and other
malicious software.
malicious software.
'We urge people to take basic measure to protect themselves from
virus attacks.
virus attacks.
'Any customer who is a victim of fraud will be reimbursed by HSBC.'
Last year £59.7 million was stolen in online banking fraud, while
another £440 million was lost to credit card fraud.
another £440 million was lost to credit card fraud.
A Financial Fraud Action UK spokeswoman said: ‘The idea that
criminals are targeting people by using malicious software or Trojans is
nothing new.
criminals are targeting people by using malicious software or Trojans is
nothing new.
‘Bank systems are hard to attack so they’re having to go through the
easier link in the chain, which is the customers.
easier link in the chain, which is the customers.
‘They’re hoping customers aren’t taking security precautions. We’ve
been seeing this for the last few years and we’re constantly urging
people to protect their computers to try to mitigate the risk of
becoming a victim.”
been seeing this for the last few years and we’re constantly urging
people to protect their computers to try to mitigate the risk of
becoming a victim.”
Online banking customers can take measures to protect themselves by
keeping their anti-virus software up to date and keeping their firewalls
set to the highest level, she added.
keeping their anti-virus software up to date and keeping their firewalls
set to the highest level, she added.
Victims of online banking fraud usually get their money back.
Earlier this month, an internet security company Trusteer, warned
that 100,000 British computers were infected with an earlier version of
Zeus
that 100,000 British computers were infected with an earlier version of
Zeus