Computer security experts have told us that the best way to protect ourselves from an online financial scam is to regularly monitor our bank accounts. Unfortunately, this no longer provides any guarantees, because what you see on your computer screen may be an illusion.
A new computer virus has been discovered by Israel-based security firm Trusteer. This virus not only allows fraudsters to steal money from bank accounts, but it also covers its tracks.
Think of a crime plot involving a spy who plans to break into a high-security building and begins by swapping out security camera video so guards don’t notice anything unusual. Known as a surveillance camera hack, the technique has been demonstrated in many movies.
A new version of the widely prevalent SpyEye Trojan horse works in a similar way, only it swaps out banking Web pages rather than video and prevents account holders from noticing that their money is missing.
The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies waiting for a customer with an infected computer to visit their online banking site. It then steals their login credentials and tricks the victim into offering additional personal information such as debit card information. After the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim’s banking site and scrubs transaction records clean of any fraud. This prevents, or at least delays, customers from discovering fraud and reporting it to the bank. This buys the fraudster extra time to complete the crime.
Trusteer refers to this as a “post transaction” attack, because much of the virus’ effectiveness is attributable to its ability to control what victims see after fraudulent transactions occur. Amit Klein, chief technology officer for Trusteer, said he believes criminals have used the technique for a few months and it has infected real consumers.
“I predict that the use of post transaction attack technology will significantly increase as it enables criminals to maximize the amount of fraud they can commit using their initial investment in malware toolkits and infection mechanisms,” Klein said.
A large retail U.S. bank spotted this new SpyEye virus and brought it to the attention of Trusteer.
‘A very scary tactic’
The virus’ evidence-covering techniques are elaborate. First, it keeps track of all fraud committed by the criminal and makes sure to remove those line items from online transaction lists. It also edits balance amounts to prevent consumers from getting suspicious.
“This is a very scary tactic,” said Avivah Litan, a financial fraud analyst at consulting firm Gartner. “Most banks ‘let the first transaction through,’ because if they stopped everything that was potentially fraud, consumers would get annoyed,” she said. In some cases, fraud-checking tools kick in only after initial reports, so this version of SpyEye could buy criminals important time as they try to turn stolen data into cash.
Cover-your-tracks techniques have been used before by virus writers, Klein said. In a simpler version, criminals who raided online bank accounts and wired money out of them would try to hide the transaction from victims using the same Web page interception trick. But this new flavor has more potential for success, because it involves stolen debit card numbers used at third-party merchants, creating complex transactions involving multiple banks and multiple security systems.
A victim would be able to discover the fraudulent transactions only by checking their balance at an ATM or on a second, uninfected computer. The virus doesn’t impact bank systems, only the characters that are displayed within the infected system’s Web browser. Paper statements would also reveal the fraud.
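Because the bank's own records stay intact, the cross-check described above can be automated by comparing what the browser showed against a record obtained through a second channel. The Python sketch below is an added example, not code from the original article or from Trusteer; the CSV layout, function names, dates, merchants and amounts are all constructed for illustration.

```python
import csv
import io
from collections import Counter
from decimal import Decimal

# Constructed sample: record from a second channel (paper statement, ATM, clean PC).
TRUSTED_CSV = """date,description,amount
2011-07-01,PAYROLL DEPOSIT,1500.00
2011-07-03,GROCERY STORE,-82.15
2011-07-05,ONLINE MERCHANT A,-349.99
2011-07-05,ONLINE MERCHANT A,-349.99
2011-07-06,COFFEE SHOP,-4.50
"""
# Constructed sample: what the possibly infected browser displayed.
DISPLAYED_CSV = """date,description,amount
2011-07-01,PAYROLL DEPOSIT,1500.00
2011-07-03,GROCERY STORE,-82.15
2011-07-06,COFFEE SHOP,-4.50
"""

def load(text):
    """Parse CSV text into a multiset of (date, description, amount) rows."""
    rows = csv.DictReader(io.StringIO(text))
    return Counter((r["date"], r["description"].strip().upper(),
                    Decimal(r["amount"])) for r in rows)

def reconcile(trusted, displayed, trusted_balance, displayed_balance):
    """Report rows hidden from the browser view and whether the balance was adjusted to match."""
    hidden = trusted - displayed   # multiset difference, so identical repeat charges count
    extra = displayed - trusted    # rows shown in the browser but absent from the record
    hidden_total = sum((amt * n for (_, _, amt), n in hidden.items()), Decimal("0"))
    gap = Decimal(trusted_balance) - Decimal(displayed_balance)
    return {
        "hidden": sorted(hidden.elements()),
        "extra": sorted(extra.elements()),
        "balance_gap": gap,
        # True when the displayed balance is off by exactly the hidden amount,
        # which is what removing line items and editing the balance produces.
        "gap_matches_hidden": bool(hidden) and gap == hidden_total,
    }

if __name__ == "__main__":
    report = reconcile(load(TRUSTED_CSV), load(DISPLAYED_CSV), "913.37", "1613.35")
    for row in report["hidden"]:
        print("hidden from browser view:", row)
    print("balance gap:", report["balance_gap"], "matches hidden rows:", report["gap_matches_hidden"])
```

The comparison only means something if the trusted record really comes from outside the suspect browser and the script is run on a machine that is not infected.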
If you become a victim of this type of crime, you may want evidence and need help.
MSI Detective Services performs debugging services that detect and remove viruses, Trojan horses, spyware, etc., from your computer. MSI Detective Services is also skilled at conducting computer forensic investigations.
One more piece of advice: if you are using your online banking system and are asked to disclose information you have never been asked to disclose before, e.g., your debit card number, STOP! Call your bank immediately and ask questions.
Read the full story at msnbc.