Cyber criminals have raided the accounts of thousands of British internet bank customers in one of the most sophisticated attacks of its kind.
The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people. The internet security experts M86, who uncovered the scam, estimate that at least £675,000 has been illegally transferred from the UK in the last month – and that the attacks are still continuing.
All the victims were customers with the same unnamed online bank, the company said. Last night online banking customers were urged to make sure their anti-virus software was up to date – and to check for any missing sums from their accounts. The attack has been traced to a ‘control and command’ centre in Eastern Europe. However, the nationality of the cybercriminals is unknown. The latest attack involved a Trojan called Zeus v3 which hides inside adverts on legitimate websites.
Once installed on a home computer, the programme waits until the user visits their online bank and then secretly records their account details and passwords – using the information to transfer between £1,000 and £5,000 to other bank accounts. The attacks began on July 5 and are still progressing, according to Ed Rowley, product manager at M86.
‘In the vast majority of cases, if people had kept their computer’s operating systems and software such as Internet Explorer up to date they would not have been attacked,’ he said.
You guys know what to do…as for the rest of the noobs?
Weren’t some people on here whining about viruses on the banner ads here?
I don’t care how “expert” anyone thinks they are, this can happen to anyone. My neighbor had his electronic banking account hacked into. The learning experience isn’t worth the money. I have most of my accounts with one bank with no electronic banking of any kind, regardless of how many enticements they give me. I have another entirely different bank with a $5000 credit card account. That account was cyber attacked by a false request to confirm its status that I did not respond to.
Words to the wise. I should add “in person banking” to my list of Luddite preferences.
“‘In the vast majority of cases, if people had kept their computer’s operating systems and software such as Internet Explorer up to date they would not have been attacked,’ he said.”
from the post..
THIS IS Sooo WRONG!
IE was designed to have HOLES in it for advertisers. If you think, that ANYTHING you do on the net is private, you are SADLY mistaken. esp. if you use IE.
You paid for Windows, IE is a second program and the EULA says to use it at your OWN RISK.
#2..CORRECT.
I will not do online banking, until they can PROVE TO ME, the security is VERY VERY VERY HIGH.
i think the article did state that this was known mal-ware. not something new that anti-virus wouldn’t detect. So it could have been avoided if they kept their anti-virus up to date, and didn’t use IE.
But hell banks are just as crooked to steal your money, as a bank robber. It’s just your money is insured if a bank robber does it.
Though I’m not sure FDIC insurance is really needed anymore when the money in your bank are just numbers on a computer that get “wired” there or put there by checks or money orders, debit transactions, direct deposits, eBilling, etc. I haven’t handled cash for good while now.
No no no you guys are missing the obvious unsaid truth. EVERY bank is dealing with this right now. But this bank is in trouble for letting it leak out.
#3 ECA
You don’t get it, that doesn’t matter that you doesn’t do you banking online. You bank does it’s banking online that makes YOU vulerable.
#6,
BUT, if someone were to try to get access to my account via ONLINE, I can PROVE it wasnt me..as I WILL NOT use online banking.
AS I could prove by showing my computer and the cookies and history installed.
OTHERWISE you have to REALLY prove you didnt do it.
I have even explained to my CC company, TAKE the money, but dont give access to LOANS from the NET. Make it a separate account. They still dont get it.
This is why you need to demand your bank offer you two factor authentication. Either side channel authentication via SMS/TXT, or give you a One-Time-Password fob.
Many banks offer this. Demand it.
Well….There is always cash. I guess it’s still good everywhere except for car rental.
That is why my ‘big’ accounts require the use of a SecureID dongle in order to access them via the Internet. It requires my regular password, plus a 6 digit code that changes every two minutes, obtainable only from a keyfob that I have for that account.
You should also be using one-time credit card numbers whenever you make purchases online, never your ‘real’ credit card number.
Great Doddo,
Now you get shot at the robbery… You’re one sly guy.
It’s raining Luddites
#11 Bank of America does offer OTP. I think you have to ask for it. Last I looked, they used SMS side channel.
Use Firefox with the “Adblock Plus” add-on. No problem.
#11 ReadyKilowatt –
I use Charles Schwab as both my bank and my broker. Not only do they offer a SecureID token for free, they allow you to use ANY ATM anywhere for free and reimburse you for any withdrawal charges, and their credit card has a 5.5% non-teaser rate with a 1% cash payback program. Their CC has online generation of one-time numbers. Best service anywhere.
You can also get a SecureID token for your eBay/Paypal account for $5. I use it mainly to avoid being hacked and ending up being a seller of stuff that I never posted.
Always blame the victims! It’s their fault the didn’t have every single exploit covered in their PC’s OS and Internet browser. Or that they allowed their PC to get infected, during the weeks Microsoft was off figuring out how to patch their buggy OS, not to allow some exploit. And of course as of now, all Windows 2000 and XP SP2 users are left in the lurch, with no more patches for them. My advice, get a MAC! And stop believing that Microsoft is as serious as they claim about security. Because they really ought to be more concerned with ridding their OS and applications of all these security exploits. Than during a new fancier OS, every five years, just to compete with Apple. And turning their source code over to Russian Intelligence, just to allow sales over there. Isn’t what I’d call “a bright idea!” Because who do they think will be finding all the loop holes in Windows Vista and Seven, next? How about the Russian Mafia? Way to screw all your current customers, Microsoft!
The average PC user shouldn’t have to be a computer scientist or genius, to be able to keep their information safe from these internet thieves. But the rather cavalier way PC software is put together, with hardly a thought to preventing routes of exploit. One has to be smarter than the PC programmers, to stop it all. Which is practically impossible. The “keep your AV software current” advice, just isn’t gonna cut it. Most AV isn’t keeping up with the new attacks. And doesn’t do a damn thing about OS and Application exploits.
I have to agree with #17, Glenn on this point. Quit blaming the victims.
The banks are fully capable of tracing the money. That they don’t is their problem. That the various governments don’t cease electronic transactions with countries that hide the perpetrators is beyond me. Banks and countries that allow this should not be allowed to play with the big kids.
19,
I would suggest that 1/2 those in this discussion KNOW how to do that.
AS to the rest of the Site posters..No more then 1/3.
18,
NO, I dont blame the consumer OR the bank.
I blame MS and IE.
MS does NOT follow good protocols to PROTECT PROGRAMMING. They even install BAckdoors so they could Offer companies the ABILITY to Force IE to display ADVERTS.
THOSE little holes, have cost MANY, tons of money/time/materials. FOR WHAT? An OS, that wont/cant protect you from ITS OWN HOLES/backdoors.
What is the IP address for dvorak.org?
If I click through back pages, eventually I am taken to an ad page. I have some sort of google virus.
Windows strikes again. When will people learn.
You understand therefore significantly in the case of this matter, produced me in my opinion imagine it from so many varied angles. Its like men and women are not involved until it’s something to accomplish with Woman gaga! Your personal stuffs outstanding. Always take care of it up!