Online banking safe?


Only with a live Linux CD or a dedicated Linux box.
The recently released APWG Phishing Activity Trends Report for Q3 of 2009, details record highs in multiple phishing vectors, but also offers an interesting observation on desktop crimeware infections.
According to the report, the overall number of infected computers (page 10) used in the sample decreased compared to previous quarters, however, 48.35% of the 22,754,847 scanned computers remain infected with malware.
And despite that the crimeware/banking trojans infections slightly decreased from Q2, over a million and a half computers were infected.
How does this happen, and how are cybercriminals bypassing the phone verification process?
* Malware sits inside a userís browser and waits for the user to log into a bank. During login, the malware copies the userís ID, password and OTP, sends them to the attacker and stops the browser from sending the login request to the bankís website, telling the user that the service is ďtemporarily unavailable.Ē The fraudster immediately uses the user ID, password and OTP to log in and drain the userís accounts. * Other malware overwrites transactions sent by a user (URLZone Trojan Network) to the online banking website with the criminalís own transactions. This overwrite happens behind the scenes so that the user does not see the revised transaction values. Similarly, many online banks will then communicate back to the userís browser the transaction details that need to be confirmed by the user with an OTP entry, but the malware will change the values seen by the user back to what the user originally entered. This way, neither the user nor the bank realizes that the data sent to the bank has been altered. * Authentication that depends on out-of-band authentication using voice telephony is circumvented by a simple technique whereby the fraudster asks the phone carrier to forward the legitimate userís phone calls to the fraudsterís phone. The fraudster simply tells the carrier the original phone number is having difficulty and needs the calls forwarded, and the carrier does not sufficiently verify the requestorís identity before executing the fraudsterís request.
Last month, The American Bankersí Association (ABA) issued a similar warning to small businesses, recommending the use of dedicated PC for their E-banking activities, one which is never used to read email or visit web sites in an attempt to limit the possibility of crimeware infection
Add pictures here
‚úĖ
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Pointless trivia
Add pictures here
‚úĖ
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Tue, 02 Feb 2010 09:57:13 -0500, Van Chocstraw wrote:

It is too low cost. It stays up to date. It doesn't require enough maintance. I'm sure there are a lot more reasons other than it is just too hard to learn.
Add pictures here
‚úĖ
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
RLM wrote:

What's to learn? Boot it up and click on Firefox to browse the web. Is that too hard for you?
Add pictures here
‚úĖ
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Van Chocstraw wrote:

Firefox will give your cat warts.
If you don't have a cat, you should be okay.
Add pictures here
‚úĖ
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.