U.S. Bank Accounts Threatened by Trojan Malware
Many U.S. bank customers may have experienced non-availability or dramatic slowdowns when attempting to access their online bank accounts recently. However, many may be unaware that this was due to distributed denial of service (DDoS) attacks on the banks’ web sites. With so many consumers now reliant on online banking, such attacks can be devastating to banks and their customers. Yet there is another threat that could potentially cause more harm than the DDoS attacks. The security firm RSA has reported a new version of the Gozi Trojan called “Prinimalka” which “will pose one of the greatest fraud threats U.S. banking institutions have ever seen”. A Trojan is a type of malicious computer program that masquerades as a legitimate file or helpful program but whose real purpose is to make unauthorized changes to a computer. Trojans may steal information or allow a remote user to control the device. Trojans can worm their way into your tablet, PC or smart phone through drive-by downloads, online games or internet-driven applications (apps).
RSA said it has identified 30 U.S. banks that will be targeted by an Eastern European cybercrime gang using the “Prinimalka” Trojan. This gang intends to “recruit 100 botmasters to help launch a series of lucrative online heists using fraudulent wire transfers from customer accounts”. A botmaster is the individual who controls thousands of secretly infected PCs, tablets, etc., collectively known as a botnet. These botmasters will be individually trained and will be entitled to a percentage of the funds siphoned from victims’ accounts into mule accounts controlled by the group.
RSA believes this is the making of the most substantial organized-crime Trojan operation seen to date. It is also said that the operation will flood the victims’ phone lines while the victims are being robbed, in an effort to prevent account holders from receiving confirmation calls or text messages from their banks. U.S. banks are being targeted because they usually do not require two-factor authentication (2FA) for wire transfers, unlike many European banks.
Researchers say that the banks identified as being at risk have been notified and law enforcement is involved. Past variants of Gozi and other banking Trojans have also been known to target social networking sites.
While the banks need to implement security countermeasures, bank customers need to take precautions such as running anti-malware software that is updated daily, using only the latest version of their browser (Internet Explorer, Firefox, Chrome, Safari) and installing patches for applications including Adobe Flash, Acrobat/Reader, iTunes and Java. Users should also monitor their bank accounts for unusual transactions. A recommended practice is to set up alerts for any type of online transaction, including wire transfers. Employees who are accessing corporate accounts for University business should only do so from secure devices and networks. Avoid accessing a bank’s website from insecure wireless networks such as those at bookstores, coffee shops, hotels, etc.
For more information
- Cyber Gang Seeks Botmasters to Wage Massive Wave of Trojan Attacks Against U.S. Banks
- Addressing Gozi Trojan Threat
- ‘Gozi’ virus part of the ‘new normal’
- Banks Not Prepared for New Trojan
- Security Updates not only for “critical” applications
- Botnets: Is Someone Else Using Your Computer?
- Cybersecurity for Electronic Devices
Posted: November 6, 2012