No. 1 Story

HP job cuts loom for Australian employees

A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.

read more

Related Articles

Browserbased, malware, robs, bank, accounts
Comm Bank beefs up net banking security
The Commonwealth Bank of Australia has moved to beef up security of its Internet...
Read More
US and China worst for spam and malware says Sophos
Despite tough anti-spam measures in the US, and recent lawsuits against a MySpace spammer,...
Read More
Nordea Bank loses $1.14 million to online fraud (update)
McAfee has described the phishing attack as “the biggest ever” online bank heist, throwing...
Read More
Swedish Bank loses $1 Million through Russian hacker phishing attack
Russian hackers have used phishing techniques to get hundreds of customers of Sweden’s largest...
Read More
Blackberry malware doorway to corporate networks
Corporate network administrators beware, the Blackberry handhelds being used by staff in the field...
Read More

More From

Popular Threads

Browser-based malware robs UK bank accounts

Stuart Corner
Wednesday, 11 August 2010 15:41

Business IT - Security

View Comments
Page 1 of 3

A highly sophisticated attack on a large UK financial institution mounted via the browsers of its online banking customers, and discovered by M86 Security, highlights just how hard it will be in the future for banks to maintain the integrity of their online banking systems.

According to an M86 white paper, "In July 2010, an organised network of cybercriminals launched a complex, multi-level scheme that targeted online customers of a large UK financial institution. Based on information M86 Security Labs found on the malicious command & control (C&C) server, we assume that close to £675,000 was stolen from the bank between July 5 and August 4, 2010, and approximately 3,000 customer accounts were compromised."

M86 says that the cybercriminals used multiple techniques to spread a Trojan to as many PCs as possible to target the online customers of a specific bank. These techniques included: infecting legitimate websites with malware, creating fraudulent online advertisement websites and publishing malicious advertisements among legitimate websites.

Then, once the Trojan, Zeus v3, was successfully installed on victims' when victims logged into their online banking accounts, it intercepted all their communications with the online banking site, communicated with its command and control server and initiated transfers from customers' accounts, via money mules, to the cyber-thieves.

The Trojan used various techniques to remain under the radar of common anti-fraud detection systems. These techniques included encrypting its communications with its command and control server using SSL. M86's security researchers were, however, able to break this encryption and thus to determine the amounts being transferred in each transaction, and the nature of the attack.

Banks in Australia use additional security that would, it seems, prevent attacks like this. The Commonwealth Bank, for example, requires a random code sent by SMS to be entered on the website before money can be sent to a new account, but this is not an ironclad protection.

CONTINUED

Need all the latest news on telecommunications?
If telecoms is your business: you'll find in-depth, industry-specific news, analysis and commentary in ExchangeDaily
Check out a recent edition (no forms to fill in) or take a free trial



Start 1 2 3 Next 

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases