Topic: Millions targeted by new internet banking virus

[Clive]

Monday, 09 May 2005

A new form of computer virus is targeting millions of internet banking users.

The virus lies dormant on the customer's computer until they try to access their bank account. At this point the malicious programme re-directs the user's web-browser to a fake website designed to look like the official bank version, where fraudsters can take a customers login details and then access their accounts.

Internet portal Lycos said today that it is now tracking 100,000 incidents of the Troj/BankAsh-A virus a day and that there were 3.3 million attacks last month alone.

Barclays' and Bank of Scotland's websites are the most recent targets for the attack.

"The stolen details are used to hi-jack bank accounts and for identity theft," said Wessel van Rensburg, Lycos UK head of email.

"While these crimes are not new, the methods by which data is obtained is extremely sophisticated. This is a multi-billion pound industry and tens, if not hundreds, of thousands are being affected"

The virus gets onto a user's machine as an email attachment, a download from a webpage or file-sharing network, or is placed on the users' PC as part of another software package.

"The use of this software is far more insidious than recent phishing attacks, because it can be 'seeded' out to users' PCs through viruses, worms or email attachments without internet browsers knowing that it is lurking on their machine," Mr Van Rensburg explained.

"While the technology industry is just about keeping up with the hackers - with advanced anti-virus filters aiming at stopping this software ever reaching the internet users - education is the only long-term solution. PC users need to ensure they are taking the correct precautions when using the web in order to protect their data."

To keep PCs clear of the pharming threat, Lycos has said consumers should:

Ensure anti-virus software scanning both email and PC hard-drive is kept up-to-date.

Ensure anti-spyware programmes, which scan PCs for malicious Trojans and other programmes, are installed and used.

Make your PC has a firewall that will stop unauthorised information getting into or out of your PC, limiting criminals' access to it.

"The use of this software is more dangerous to users than the spate of 'pharming' attacks because the software can lurk on a user's machine for sometime undetected - whereas changes to bank's website addresses are more quickly fixed," Mr Van Rensburg notes.

A 'pharming' is when criminals hi-jack established websites by altering the way that "DNS servers" direct web users to their sites. A DNS server is a directory that translates a web address, such as www.amazon.co.uk or www.google.co.uk, to its associated IP (Internet Protocol) address, similar to the way you use a telephone directory to look up someone's name to find their phone number.

In a pharming attack, criminals hack into these databases and change the relationship between the common name and the IP address that a user is directed to. This means that while a user may type "www.lycos.co.uk" into their browser, when this is translated into an IP address by the DNS server, the user is redirected to a fake site, set up the criminals to capture users' details.

Additionally, Lycos points out that the Troj/BankAsh-A virus negates the need for criminals to hack these domain servers, because it can redirect the user to a fake website from their own PC.