Check Your Online Bank Accounts

Online banking customers are being targeted by international cyber criminals who are using sophisticated computer viruses to empty their current accounts.

A new version of a well-known trojan virus has stolen £675,000 from about 3,000 online customers of an unnamed British bank, according to an internet security company. The cash has been remotely transferred out of the accounts, held by businesses and individuals, since early July, according to M86 Security, which is based in California and Britain.

The virus checks to see how much money is in both current and savings accounts, steals it and shows the customer fake bank balances to cover its tracks, the company said. It uncovered the scale of the theft after penetrating the criminals’ command-and-control server, which is based in eastern Europe. The company said that it had informed the financial institution concerned and the police two weeks ago and the attack appeared to be continuing.

Online bank accounts have become a significant target for attackers using the Zeus trojan banking virus, which first emerged three years ago. The new variant, Zeus v3, the third known version, not only collects users’ log-ins, passwords and other crucial data, it actually transfers money out of the compromised accounts. “This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software,” said Bradley Anstis, vice-president of technical strategy at M86 Security.

Zeus v3 is one of a new wave of viruses that often invade consumers’ machines when they visit legitimate websites, in what is termed a “drive-by” infection.

Britain’s main high street banks do not believe that they are the victims of this attack. Lloyds Banking Group, Royal Bank of Scotland, Barclays, HSBC and Nationwide were contacted by The Times. They would not comment, but banking insiders said they were unaware of this particular scam.

They acknowledged, however, that online fraud was becoming ever more sophisticated and prevalent. A spokesman for HSBC said: “There are millions of viruses, and other malicious software. We urge people to take basic measures to protect themselves from virus attacks. Any customer who is the victim of fraud will be reimbursed by HSBC.”

Security researchers have warned that malicious websites hiding trojan viruses are no longer confined to “red light district” sites on the web, such as gambling and pornographic sites, but can be found on trusted sites including popular search engines, blogs and mainstream news sites. Last year attackers placed a virus in an online advertisement on the New York Times website.

M86 Security said that customers of the British bank had unwittingly transferred the virus on to their computers through security holes in either Microsoft’s Internet Explorer browser or Adobe Reader software when visiting legitimate websites. Once a computer is infected, the malware lies dormant inside the user’s web browser until they connect to their online banking accounts. The Zeus v3 trojan then activates itself to hijack the online banking sessions, effectively placing itself between the computer and the banking website in what is known as a “Man in the Browser” attack. The trojan even checks to see if the customer has sufficient funds. If their account holds more than £800, the trojan gets to work.

Mr Anstis said: “When a customer logs on to the banking site, the trojan is sitting there watching to see what they are doing.” The money is transferred to “mule accounts” — valid accounts held by real banking customers, but compromised by the criminals.

M86 Security said that its researchers had broken into the servers used by the criminals and that, according to the data logs, which listed all the money transfers, cash totalling £675,000 had been stolen from about 3,000 accounts since July 5. It advised online customers to ask their bank to disable the ability to transfer money to third parties.

Online banking fraud increased 18 per cent to £59.7 million last year, according to the trade body UK Payments Administration.

Trojan viruses are becoming the cyber criminals’ favoured weapon. Last year the “Clampi” trojan, which steals online banking log-in details from infected computers, spread rapidly in the US and Britain. This month Trusteer, a provider of secure browsing services, said that it had uncovered a large network of infected computers that was targeting British bank accounts.
