Want to know (I know you don’t, not really… but) exactly how they work?
Here’s a down-to-the-code analysis from TraverseCode.com that explains the inner workings, but the really educational one comes from a blog written by a Czech (my apologies to the man, but I can’t pronounce his name nor read the language on his Facebook page) that describes how and where the Trojan is “sold,” the different models “sold,” and how much each model costs to buy from the author of the code.
He has done an impressive amount of research on this code and on the thriving market for this type of code. He discusses how the code “calls home” to get more information, or downloads client software so that the attacker can access the user’s computer unseen and watch what he or she is typing, which pictures are viewed, and even the key-generator number.
He suggests, and I can’t recommend strongly enough, that people use a segregated computer for financial activities. VMware is going to have quite a sale in Workstation licenses really soon, if not NOW.
It’s going on my computer when I get home.
“The alert advises businesses to dedicate a single computer for online banking activity that is never used for reading e-mail or surfing anywhere else on the web. Using a dedicated computer would lessen the chance of the computer being infected with malware that can help crooks drain a bank account through wire transfers and automated clearinghouse transfers.”
It’s grand that the government got around to stating the obvious. Clearly the only option given the pervasiveness of hacked websites and phishing e-mails, having a separate PC will add costs for small businesses, especially those that don’t have adequate security (firewalls and AV) to begin with.
We discussed this in a post back in August. Now that the total is roughly $100 million in losses to businesses, the government and the banks are taking notice.
I guess that’s good. Happy New Year!
I was called on one of these last spring, and it worked like this: the controller got a call from the bank (someone was watching! Yay!) about some wire transfers that looked suspicious. After reviewing them, the controller realized fraud and theft had occurred. Other evidence was that the thief had changed the e-mail address on the account so that the controller would receive no notification of the wire transfers. It seemed pretty clear that someone had somehow gotten the controller’s access to the bank account. That was all that could be discovered at the time. They lost over $40,000. That’s small change compared to some of the fraud going on.
Reading an article from the Washington Post, I recognized the scam. It works like this:
“In many cases, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company’s controller or treasurer, a message that contains either a virus-laden attachment or a link that — when opened — surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks’ anti-money-laundering reporting requirements.”
Sounds like exactly what happened to my client. The bad news is that once that money is wired out, there is no way the company can get it back. Losses to small businesses are becoming significant, but have not gotten much press up until this point.
In fact, wire-transfer fraud went up 58% in 2008, according to the US Treasury Department. Commercial customers have only about two days to notify the bank of fraud; after that, they eat the loss.
The problem is that anti-virus software is not keeping up with malware arriving over the Internet. Thieves use malware to capture even the one-time codes from a fob during a transaction.
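The two tells described above, a burst of wires each kept just under the $10,000 reporting line and a notification e-mail address changed right before them, are exactly what a bank’s fraud desk (or a controller reviewing an account export) can check for. The following is an added example, not code from the post’s author or from any bank; the account id, beneficiaries, timestamps and audit record are all constructed, and the two-day dispute window is treated as calendar days as an assumption.

```python
"""Constructed example: flag wire-transfer patterns matching the fraud described
in the post (structuring below the $10,000 line, and a changed notification
address just before the transfers). Not the bank's or the post author's code;
account ids, beneficiaries and timestamps are made up."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    id: str
    account: str
    when: datetime
    amount: float
    beneficiary: str


@dataclass(frozen=True)
class AuditEvent:
    account: str
    when: datetime
    kind: str      # e.g. "notification_email_changed"
    detail: str


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample data for one commercial account (ACCT-1001 is a placeholder).
TRANSFERS = [
    Transfer("W-1", "ACCT-1001", _t("2009-02-10 10:00"), 15000.00, "PAYROLL-PROVIDER"),
    Transfer("W-2", "ACCT-1001", _t("2009-03-02 09:30"),  9800.00, "MULE-A"),
    Transfer("W-3", "ACCT-1001", _t("2009-03-02 11:15"),  9950.00, "MULE-B"),
    Transfer("W-4", "ACCT-1001", _t("2009-03-03 10:05"),  9700.00, "MULE-C"),
    Transfer("W-5", "ACCT-1001", _t("2009-03-03 14:40"),  2300.00, "OFFICE-SUPPLY"),
]
AUDIT_EVENTS = [
    AuditEvent("ACCT-1001", _t("2009-03-02 08:55"), "notification_email_changed",
               "controller@example.com -> unknown-mailbox@example.net"),
]


def near_threshold_clusters(transfers, threshold=10000.0, lower_frac=0.9,
                            window=timedelta(days=2), min_count=3):
    """Return lists of transfer ids that look like structuring: at least
    `min_count` transfers on one account, each between lower_frac*threshold
    and threshold, all sent within `window` of the cluster's first transfer.
    Clusters are built greedily in time order (a simplification)."""
    clusters = []
    by_account = {}
    for tr in transfers:
        if lower_frac * threshold <= tr.amount < threshold:
            by_account.setdefault(tr.account, []).append(tr)
    for acct_transfers in by_account.values():
        acct_transfers.sort(key=lambda t: t.when)
        current = []
        for tr in acct_transfers:
            if current and tr.when - current[0].when > window:
                if len(current) >= min_count:
                    clusters.append([t.id for t in current])
                current = []
            current.append(tr)
        if len(current) >= min_count:
            clusters.append([t.id for t in current])
    return clusters


def transfers_after_contact_change(transfers, audit_events, lookback=timedelta(days=7)):
    """Ids of transfers sent within `lookback` after the account's notification
    e-mail was changed. The thief in the post changed it so the controller got
    no alerts, which makes this a high-value correlation for a fraud desk."""
    changes = [e for e in audit_events if e.kind == "notification_email_changed"]
    flagged = []
    for tr in transfers:
        for ev in changes:
            if ev.account == tr.account and timedelta(0) <= tr.when - ev.when <= lookback:
                flagged.append(tr.id)
                break
    return flagged


def still_disputable(transfer, now, window=timedelta(days=2)):
    """Commercial customers have roughly two days to report a fraudulent wire;
    this says whether `transfer` is still inside that window (calendar days,
    as an assumption) at time `now`."""
    return now - transfer.when <= window


if __name__ == "__main__":
    print("structuring clusters:", near_threshold_clusters(TRANSFERS))
    print("sent after contact change:", transfers_after_contact_change(TRANSFERS, AUDIT_EVENTS))
```

Run on the constructed data, the first check groups W-2, W-3 and W-4 (three wires just under $10,000 inside a day and a half) and ignores the $15,000 payroll wire and the small office-supply payment; the second flags every wire sent after the address change, including the legitimate small one, which is intended: the address change itself is the event a controller should be called about.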
An advisory issued by the Financial Services Information Sharing and Analysis Center recommends that commercial banking customers take some fairly rigorous steps to secure their online banking accounts. For example, the group recommends that commercial banking customers “carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.”
Another option might be VMware, where an image could be loaded for banking use only.