Among the computer attacks that have grown in popularity recently is the banking Trojan.
Bad guys have been trying to crack into banking systems for a long time, and because of that, banks have increased the security around their servers to the point that it is pretty hard to crack them.
So the bad guys have switched their focus to bank customers, figuring that it's easier to steal $100 from a thousand bank customers than $100,000 from one bank. In the past, attacks centered on keystroke loggers, programs that could steal passwords while a user is logging on to do electronic banking. To get the keystroke logger onto your machine, crackers used a Trojan horse, a program that hides inside another program. When that program is activated, it installs itself on the target computer.
Trojans, with names such as Zeus, Clampi and URLzone, are still used, but instead of installing a keystroke logger on the computer, they install software capable of doing "man-in-the-browser" attacks.
These new attacks wait for the user to log onto his bank site and then "ride along" for the session. While the user is doing his online banking, the man-in-the-browser also is doing transactions -- transferring money from the user's account into another.
The man-in-the-browser can then alter balances to make it look as if nothing illegal has happened. You see how malicious this is.
And it is getting more widespread. Zeus malware kits are readily available on the Internet and are easy for criminals to customize, said Marc Fossi of security company Symantec.
These Trojans can hide in attached e-mail files, such as .PDF documents and Microsoft Word documents.
But a computer also can be infected by a site that harbors malware.
Electronic cards that appear to come from someone you know also are a popular conduit for malware.
Since you probably won't know that a man-in-the-browser attack is taking place or even that your accounts have been tapped, you have to prevent the Trojan from getting onto your machine in the first place.
I know what you're thinking. "Here he goes again preaching about secure computing."
Well, here I go again:
Never click on a Web site link in an e-mail, especially for your bank. When beginning an electronic banking session, type the bank URL directly into your browser.
Never open an attachment unless you are sure what it is and that the person who appears to have sent it really did send it. This particularly applies to .PDFs and Microsoft Word documents. E-mails can be "spoofed" to look as if they came from someone you know.
When you visit your bank's site, make sure the URL is correct and contains https, which indicates a secure session.
Check bank and credit card statements regularly and report any suspicious activity immediately.
Don't open electronic greeting cards or visit porn sites, music sharing sites or any site that seems shady. All are likely to contain malware.
(Distributed by Scripps Howard News Service, www.scrippsnews.com.)
Must credit Pittsburgh Post-Gazette



