Beware, Online Bank Accounts Are At Risk

SAN FRANCISCO: Two of the most pervasive and dangerous types of software for stealing money from bank accounts have been improved and can now transfer money out automatically, without a hacker’s supervision, researchers said.

The latest variants of the widespread SpyEye and Zeus programmes have already stolen as much as 13,000 euros ($16,487) at a time from a single account and are in the early stages of deployment, according to investigators at Trend Micro, a Japan-based security company that has many banks as customers.

Trend Micro Vice President Tom Kellerman told Reuters that his company’s researchers had seen the new attacks on a dozen financial institutions in Germany, the United Kingdom and Italy. That is troubling because European banks generally have greater technology defenses than those in the United States, and Kellerman said it is “inevitable” that the variants will cross the Atlantic.

The new code has the potential to dramatically escalate the amount being stolen from accounts and a years-old arms race between the banks and criminal groups that are often based in Eastern Europe.

“This has tremendous implications,” especially as Americans move toward banking by phone, said Kellerman. “This attack toolkit ushers in a new era of bank heists.”

Like other security companies, Trend Micro profits by selling software and services to institutions and consumers worried about online spying and account takeovers.

Though written and controlled by different groups, SpyEye and Zeus share the ability to be installed on computers that visit malicious websites or legitimate pages that have been compromised by hackers. Both programs are sold in the burgeoning underground hacking economy, where they can be customized or improved with additional modules like those just discovered.

The programs already have used a technique called “web injection” to generate new entry fields when victims log on to any number of banks or other sensitive websites. Instead of seeing a bank ask for an account number and password, for example, a victimized user sees requests for both of those and an ATM card number. Everything typed in then gets whisked off to the hacker, who later signs in and transfers money to an accomplice’s account.

Those transfers can be time-consuming, and the hacker has to think about how much can be sent out at once without drawing attention. Multiple, smaller transfers are preferable but take more time.

For the past year or more, some variants have also captured one-time passwords sent from the banks by text messages to client cell phones as an added security measure. But in those cases, a hacker had to be online within 30 or 60 seconds in order to use the one-time password.

The new software allows the criminal to siphon money out while he sleeps. It could significantly increase the number of hacked accounts and the speed with which they are drained.

Brett Stone-Gross, a senior security researcher with Dell unit Dell SecureWorks, said thieves “will be able to extract more money” with automation.

But he also said the landscape might not be transformed by the development, because the main limiting factor for crime groups is the number of accomplices, known as money mules, that they can hire to accept transfers from victim accounts. Automation will not lessen the need for mules, Stone-Gross said.

spam comments will not be published here. please dont waste your time.

Share This Post

Related Articles

4 Responses to “Beware, Online Bank Accounts Are At Risk”

  1. Lomandra Tanika says:

    Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you can do with some pics to drive the message home a bit, but instead of that, this is excellent blog. A great read. I will certainly be back.

  2. Lauran Goehner says:

    Other than that I am enjoying Thanksgiving and this update, I was not expecting a new perk with the event and thank you and enjoy the holiday.

  3. Danial Eskola says:

    Great post, but it isn’t only about the early days in your career. I have found as I have moved through all of the various stages of my life that have included starving artist to world traveler, that I am constantly seeking other opportunities. My passion is to do; not to be. The specifics have varied greatly. This year I have started on Medicare and my friends all ask me when I am going to “slow down and take life easy.” I have three active companies, work with homeless vets, travel as much as I want, and I had three discussions this week about new business ideas. I am not driven. I am driving, and I could have gotten here through a number of different paths. Not every step took me toward a goal. Some steps took me to smell the flowers, and some were the hidden gates of hell. All were learning points. All helped me define my next step better.

  4. Romeo Mathwich says:

    Great blog. I gained a lot from this! Especially the part about the experience gained from it.

Leave a Reply

© 2017 Axiom Infosoft Blog. All rights reserved. Site Admin · Entries RSS · Comments RSS
Powered by Axiom · Designed by Axiom Infosoft