New Trojan virus poses online banking threat

TimesOnline ^ | 9/21/09 | Mike Harvey

[xtinct]

Cyber criminals have created a highly sophisticated Trojan virus that steals online banking log-in details from infected computers.

The Clampi virus, which is spreading rapidly across hundreds of thousands of computers in Britain and the United States, infects computers when users visit websites that host a malicious code.

Once on the computer, the virus sits unnoticed until the user logs on to bank, credit card or other financial websites. It then captures log-in and password information and sends it to a server run by the attackers. They can then tell the compromised computer to send money to accounts that they control, or they can buy goods with the stolen credit card details.

The trojan has a list of more than 4,500 finance-related websites that it monitors, including British high street banks. Security experts warned that it was one of the stealthiest and most pervasive threats to computers using the Microsoft Windows operating systems.

[xtinct]

lots of security updates for my PC from provider this weekend... guess this is why...

[Lazamataz]

Thanks! Updating my software now.

[proxy_user]

It depends on the security your bank has, too.

At my bank, if I try to log into my account from a computer I have not used before, it won’t allow it. I have to call in for an activation code.

[Pablo64]

Glad we use our Mac for any online transactions. The PC running Windows is only used for a few things (still, I should probably make sure it has all it’s updates).

[Nervous Tick]

[gopheraj]

mark

[Graybeard58]

When I first got my on line account from the credit union I put the pass word in a document, when I tried to access my account, I just copied and pasted the pass word since I didn’t have it memorized yet. I could not get in that way, I had to type the individual numbers.

[Nervous Tick]

>> It depends on the security your bank has, too.

Mrs. Tick handles the security on our online bank account.

She is in charge of making sure there is so little dough in there that no one would care to break in!

[Nervous Tick]

I just copied and pasted the pass word since I didn’t have it memorized yet. I could not get in that way, I had to type the individual numbers.

Speaking of site security mechanisms, Treasury Direct has an interesting scheme -- it's a "virtual keyboard" on the login page, and you enter your password by clicking the boxes. They change the layout frequently -- maybe each time you log in but I haven't verified that. It's a PITA to log in, but it seems quite secure to me.

[sheikdetailfeather]

Thanks!

[RayChuang88]

That's why I use Norton Internet Security 2010--it automatically updates itself all the time to stop the latest threats.

[ontap]

Just recently bought a Apple. So glad I don’t have to fool with this kind of crap!

[kevkrom]

Just recently bought a Apple. So glad I don’t have to fool with this kind of crap!

Apples are susceptible to trojans, so don't get too cocky. There's a huge difference between a virus and a trojan (what a "trojan virus" might actually be, other than idiocy by the wrtier, I have no idea) -- trojans rely primarily on social engineering to get a privileged user to unwittingly install malware and allow it to run. This can happen on any operating system; it's a user issue, not a machine one.

[ProudFossil]

Sounds like Congress/Obama lite to me. Of course they do not sneak into your computer to get at your money, they just take it.

[SE Mom]

Interesting- yesterday I had the pop up for the GreenAV virus pop up 2x on my pc- I was running IE at the time- back to Firefox now!

I almost fell for it- it’s an alarming looking pop up. In an unusual moment of clarity- I followed my gut and not the hype from the virus writers!

[savedbygrace]

In this case, only if you’re running a Windows OS on a Mac.

This trojan installs only in Windows.

Do you know of a trojan like the Clampi that can successfully install itself on a Mac OS X machine?

[libh8er]

Unless the fraudulent transaction is requested from your computer (without your knowledge).

[ontap]

By and large most viruses are aimed at windows. Of course I am well aware of your warning and take my own precautions. Still I am very excited over my Apple. Hasn’t frozen up once!!!!

[Titus-Maximus]

ping

[The Great RJ]

In addition to having all the latest security patches on your PC you need top notch and up to date anti virus software and a good firewall to stop unauthorized outgoing Internet traffic. Note the built in Windows XP firewall only protects from stuff entering your computer not the other way around.

[oprahstheantichrist]

That’s a joke, right?

[Kegger]

Apples are susceptible to trojans, so don't get too cocky. There's a huge difference between a virus and a trojan (what a "trojan virus" might actually be, other than idiocy by the wrtier, I have no idea) -- trojans rely primarily on social engineering to get a privileged user to unwittingly install malware and allow it to run. This can happen on any operating system; it's a user issue, not a machine one.

Excellent reply! There are still some (many?) who need to have this point driven home. For a trojan, your type of computer matters very little.

[Nervous Tick]

If you entered your information and clicked the button, you sure hope so!

:-)

[kevkrom]

In this case, only if you’re running a Windows OS on a Mac. This trojan installs only in Windows. Do you know of a trojan like the Clampi that can successfully install itself on a Mac OS X machine?

Yes, this trojan is Windows-only. There are some known Mac trojans out in the wild -- in general they are less potent than the PC versions to date because Macs do require multiple confirmations to install and run something downloaded from the internet; the PC security model is generally more lax, which does make the platform an easier target.

[bmwcyle]

You need to pay attention.

[ontap]

To what?

[Thunder90]

GreenAV is a fake antivirus program. It is actually a trojan horse.

[zeugma]

Excellent reply! There are still some (many?) who need to have this point driven home. For a trojan, your type of computer matters very little.

Yes, and no. The trojan has to be designed for the platform it's executing on. Also, under OSX, you have to actually give the program permissions to run, as well as your root password.  This makes it somewhat less likely to be effective.  However, there is no way to engineer around stupid users. 

[Leg Olam]

Only use the best.

Apple for graphics

Palm for mobility

Linux for servers

Windows for solitair

[HereInTheHeartland]

That web app looks like Obamas plan to pay for socialized health care.

[ontap]

LOL!!!!

[sionnsar]

ping

[Kegger]

Yes, and no. The trojan has to be designed for the platform it's executing on. Also, under OSX, you have to actually give the program permissions to run, as well as your root password. This makes it somewhat less likely to be effective. However, there is no way to engineer around stupid users.

That was my point "For a trojan, your type of computer matters very little." about how the computer matters very little.

[Ernest_at_the_Beach]

Well,...the beginning tutorial on Distrowatch today is very timely...

Linux Security Basics, Part 1: Authentication

And I believe it in a general sense applies to all OSs......the specifics are of course for Linux...passwords are always important....

Of course with Windows and stuff like Active X,...they may not help much.

[ShadowAce]

[Ernest_at_the_Beach]

Haven't gone thru this ...but info might be useful:

Ilomo/Clampi Virus Detection

[b4its2late]

[Ernest_at_the_Beach]

It’s a UNIX based system,...so has good security.

[Ernest_at_the_Beach]

Looks like there is an executable at the site linked to at post #36...someone with some smarts should look at it and give the viewers some feedback...

I am not running windows here,...but I do bank online.

[Ernest_at_the_Beach]

For a trojan, your type of computer matters very little.

But the Operating System matters a great deal....

[Ernest_at_the_Beach]

Some related threads....posted by Shadowace...thanks.:

On Bugs, Viruses, Malware and Linux

AND:

5 Ways To Defeat Malware

[Ernest_at_the_Beach]

See above updates/

[SE Mom]

Thanks buddy :) I run spybot and avg every day...

[jurroppi1]

bookmark

[Ernest_at_the_Beach]

Which variety of Windows?

[SE Mom]

XP and I’m running Windows 7...but I also use Firefox a lot.

[SunkenCiv]

Thanks Ernest. During the football game one of the ads was for the Playstation 3, sez it’s priced at $299 now. Do you happen to know anyone who’s installed Linux on it?

[tubebender]

I would burn my car if I had to tune it up every morning to drive downtown...

[martin_fierro]

Do you happen to know anyone who’s installed Linux on it?

Looky here

[Mygirlsmom]

What about the Windows on-screen keyboard? Would that do the same?