 |
Photo: Fotosearch |
Cybercriminals are going online with you during transactions to steal money. This is a warning from experts about a troubling new trend in financial transaction security.
Account-stealing Trojans are operating aggressively. This software hides on your computer right after you open an email attachment or visit a website with malicious code. However, instead of being “caught” by increasingly strict control and authentication measures, cybercriminals are shifting their operational strategies.
Mr. Alex Shipp, a seasoned expert in antivirus technology from MessageLabs, stated at a discussion during the RSA Conference 2006 (February 16): “We are seeing a shift from stealing your accounts and passwords. New types of Trojans will wait until the victim, that is you, has fully logged into their bank account, and then transfer money out.
Therefore, all authentication measures, such as image codes or biometric methods, are no longer a big concern for them. These criminals only need to wait until you complete your login to launch their attack.”
This new type of Trojan is rapidly developing and currently ranks third on MessageLabs’ list of ongoing threats. At the top of this list is remote control through malware, turning a computer or network into Zombie PCs (computers controlled remotely by hackers, used to spread spam, advertisements, or to attack other computers).
In second place are phishing scams that steal users’ financial accounts, often disguised as anonymous bank websites or messages from loved ones.
The limitation of this new Trojan type is that it only specializes in accounts of a specific bank. However, the list of affected banks is growing.
These Trojans typically infect machines via email, with links that seem harmless at first glance, such as an online greeting card or even a charity advertisement. However, if you accidentally “click on” it, a malicious program is silently installed on your computer and remains inactive until you access your bank.
The evolution of attack methods poses a significant challenge for customers, even for security professionals like Jeanette Jarvis of Boeing. He noted that since 2002, Boeing has witnessed a 110-fold increase in the amount of malware they have blocked at their network gateways. Mr. Jarvis stated: “As soon as we have a counter-strategy, they have a new attack plan and method ready”.
In the past, hackers and virus writers primarily sought fame or notoriety, but today, financial gain is the top priority. Professional criminals find that attacking online may be safer than robbing a bank by breaking through steel walls with firearms.
Mr. David Perry, the Global Education Director at Trend Micro, suggests that the industry must focus on finding solutions to prevent the threat of “eroding customer trust in the Internet,” or else the Internet will lose its significance for current e-commerce.
TRAN HUYNH
