Internet threat: Hackers swarm bank accounts

New and nasty banking trojans are on the rise on the Internet and attacking online bank accounts.
The new trojan programs — which wait on your hard drive for an opportunity to crack your online banking account — are different from traditional "phishing" e-mail scams that try to trick you into typing your login information at fake bank websites.


BLOG: How to keep your account safe

They're invisible, can steal data multiple ways and require no action by the victim to be launched.

"Phishing doesn't work as well as it used to," says Patrik Runald, security specialist at F-Secure, the Internet security firm. "Banking trojans provide a very effective and direct means for the bad guys to get their hands on the money."

FIND MORE STORIES IN: Internet | Bankers Association | F-Secure | Gunter Ollmann | Patrik Runald | IBM Internet Security Systems
Banking trojans can be gotten by clicking on a viral link to a greeting card or video that arrives in e-mail spam. Or, they can be picked up by clicking to a Web page that's been corrupted by hackers.

F-Secure tallied 59,177 unique banking trojans circulating on the Internet in 2008, up from 15,969 in 2007. The escalation partly underscores how intensively criminal hackers churn out new variants to escape detection by antivirus programs.

Banking trojans "are more advanced and evolving faster than antivirus solutions," says Gunter Ollmann at IBM Internet Security Systems.

The American Bankers Association acknowledges the rise. Doug Johnson, vice president of risk management policy, notes that most U.S. banks try to make certain that online customers log in from their usual computer.

Losses caused from unauthorized transactions aren't known. Banks generally don't disclose them.

A typical banking trojan remains dormant until the customer logs on to a banking website. It then steals usernames and passwords by capturing keystrokes or copying the log-on page after the victim has filled it out.

So-called man-in-the-middle trojans go further. One type makes illicit cash transfers while the victim is legitimately logged on. Another can reproduce a copy of the Web page showing account balances — except with the balances altered to show the numbers the victim expects to see. This buys time for the thief to drain the account and hide his trail, Ollmann says.

Despite the trojans, Johnson of the bankers' association insists "online banking, on balance, is safe."

Link: http://www.usatoday.com/money/industries/banking/2009-02-22-bank-accounts-hackers_N.htm

with no paper trail

It could be considered an act of war.

Saw this coming 10 years ago.

What is this...one more way of explaining why more of our money is going to be lost?

least the early 90s.

I was part of a consulting team that was hired by BofA 17 years ago to secure their systems. We did our jobs, gave them the bad news that their systems basically had no security, gave them several options for securing their systems, and were told that our services were no longer required. It was determined by the MBAs that the expense of securing was not justified since the money stolen was covered by the taxpayers but the expense of securing would cost them.

I can only assume that it has only gotten worse since then.