Jump to content
Login with your Gmail HERE and start posting in seconds! ×

Best read about this new threat if you bank on line

jko

By jko
in IT and Computers

 Share

Recommended Posts

jko Silver Member

jko

Posted
Posted

(This sounds a plug for Kaspersky, but the threat itself seems real)

Neverquest Trojan: Built to Steal from Hundreds of Banks

http://blog.kaspersky.com/neverquest-trojan-built-to-steal-from-hundreds-of-banks/

Neverquest is a new banking trojan that spreads itself via social media, email and file transfer protocols. It possesses the capacity to recognize hundreds of online banking and other financial sites. When an infected user attempts to login to one of the sites the trojan reacts by activating itself and pilfering its victim’s credentials.
Neverquest then relays the stolen credentials back to a command and control server. Once there, the attackers can use the credentials to log into affected accounts via virtual network computing (VNC). VNC is essentially a shared desktop system, so the criminals basically use the victim’s computer to log into the victim’s online bank and perform the theft. It makes it quite impossible for the bank to distinguish legitimate users from criminals.
Kaspersky Lab announced earlier this week that the trojan has infected thousands of user-machines but – as malware expert Sergey Golovanov explains – it has the potential to do much more damage throughout the holiday season because of its efficient and versatile self-replication features. In fact, back in 2009, the Bredolab malware used the same methods of distribution that Neverquest is currently using. Bredolab would eventually become the third most widely distributed piece of malware on the Internet.
“When a user on an infected machine visits one of the sites on the list, the malware controls the browser’s connection with the server,” Golovanov explained in an analysis on Securelist. “Malicious users can obtain usernames and passwords entered by the user, and modify webpage content. All of the data entered by the user will be entered onto the modified webpage and transmitted to malicious users.”
Once the attacker has control of a victim’s account, he can empty it completely into an account under his control. In many cases, however, Golovanov notes that the attackers are moving the stolen money through a series of victim accounts. In this way, they dump money from one victim’s account into another and repeat this process several times before directly obtaining the money themselves in order to make their activities difficult to trace.
Attackers dump money from one victim’s account into another and repeat this process several times before directly obtaining the money themselves in order to make their activities difficult to trace.
Neverquest is for sale on at least one underground forum. It only seems to affect users browsing with Internet Explorer and Mozilla Firefox, but Neverquest’s creators boast that it can be modified to attack “any bank in any country.”
The malware also contains a feature that searches for specific banking-related keywords while the infected user surfs the web. If a user visits a site that includes these keywords, the trojan activates itself and begins intercepting user communications and sending them back to the attackers. If the site the victim is visiting ends up being a bank, the attackers add this new site to the list of sites that automatically trigger Neverquest. This update is then sent along through Neverquest’s command and control infrastructure to all other infected machines.
Fidelity.com, the website of one of the world’s largest mutual fund investment firms, appears to be one of the trojan’s top targets according to the report.
“Its website offers clients a long list of ways to manage their finances online,” Golovanov wrote on Securelist. “This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market, using the accounts and the money of Neverquest victims.”
Neverquest is also designed to start harvesting data when an infected user visits any number of sites not related to finance, including Google, Yahoo, Amazon AWS, Facebook, Twitter, Skype and many more.
“The weeks prior to the Christmas and New Year holidays are traditionally a period of high malicious user activity,” Golovanov wrote. “As early as November, Kaspersky Lab noted instances where posts were made in hacker forums about buying and selling databases to access bank accounts and other documents used to open and manage the accounts to which stolen funds are sent. We can expect to see mass Neverquest attacks towards the end of the year, which could ultimately lead to more users becoming the victims of online cash theft.”
  • Like 2
Link to comment
Share on other sites
infinity11 Gold Member

infinity11

Posted
Posted

OTP = one time pass word.

If they can access your email then they can access your account i suppose.

BUT how do they get the funds OUT of the bank?

That is unclear to me.

I think online banking can be an EXTREME security threat.

And it scares the shit out of me.

How to best protect oneself?

Link to comment
Share on other sites
54321 Advanced Member

54321

Posted
Posted

Out of interest I watched a programme about card skimming in France, they ended saying that card fraud costs x, but the banks generate x times 2 by selling insurance, and thus they (the banks) are a net winner and have no reason to improve security, and thus reduce their overall profits by reducing the need for insurance. Once upon a time I would have thought this unbelieavable, but now I suspect it to be true.

  • Like 1
Link to comment
Share on other sites
Gsxrnz Platinum Member

Gsxrnz

Posted
Posted

Just don't open "iffy" emails or attachments, keep your security software up to date and functioning at its highest level, don't use public computers, keep off FB or any other social type sites that interact with each other or have potential to pass on viruses, change your bank passwords frequently, put transaction value limits on your internet banking, get sms alerts if possible, check your balance daily, don't visit dodgy websites, enable pop-up blocker, set security to disallow all cookies.

Have I missed anything?

  • Like 1
Link to comment
Share on other sites
54321 Advanced Member

54321

Posted
Posted

Yes. For absolute certainty, don't go on line !

Just don't open "iffy" emails or attachments, keep your security software up to date and functioning at its highest level, don't use public computers, keep off FB or any other social type sites that interact with each other or have potential to pass on viruses, change your bank passwords frequently, put transaction value limits on your internet banking, get sms alerts if possible, check your balance daily, don't visit dodgy websites, enable pop-up blocker, set security to disallow all cookies.

Have I missed anything?

Link to comment
Share on other sites
attrayant Gold Member

attrayant

Posted
Posted (edited)

Virus & malware makers should be skinned alive.

Out of interest I watched a programme about card skimming in France, they ended saying that card fraud costs x, but the banks generate x times 2 by selling insurance, and thus they (the banks) are a net winner and have no reason to improve security, and thus reduce their overall profits by reducing the need for insurance. Once upon a time I would have thought this unbelieavable, but now I suspect it to be true.

If the insurance is provided by a divested company, then I'm pretty sure that's the very definition of insurance fraud. I can't imagine any insurance company tolerating it.

If the bank is indeed selling insurance to the same customers that it's allowing money to be stolen from, that seems flat-out illegal. The banks are essentially soaking their customers. I'm not familiar enough with French law to state anything certifiably, but it sure sounds like hokum. In the US, we have regulators that enforce laws against financial institutions that are keen on betting against their clients' interests. That was a big part of the mortgage crisis a few years back.

Edited by attrayant
Link to comment
Share on other sites
PeterSmiles Silver Member

PeterSmiles

Posted
Posted

Set up an SMS for withdrawals from your bank

From an overseas account?

Is that possible?

Generally yes, but I've noticed that for some banks the incoming SMS is blocked by the cell phone provider.

And it is blocked for the reason that it can carry a hefty cost to receive that sms abroad.

  • Like 1
Link to comment
Share on other sites
attrayant Gold Member

attrayant

Posted
Posted

I have mine (a credit union in the US) set up to send me email alerts. If you have a smartphone, that's an option.

Also, if I log in from a new device, I have to validate a security image (select one picture out of a lineup of 20 or so) and answer two challenge questions.

If I'm successful after all that, I feel like I've just won on Jeopardy!

  • Like 1
Link to comment
Share on other sites
infinity11 Gold Member

infinity11

Posted
Posted

Just don't open "iffy" emails or attachments, keep your security software up to date and functioning at its highest level, don't use public computers, keep off FB or any other social type sites that interact with each other or have potential to pass on viruses, change your bank passwords frequently, put transaction value limits on your internet banking, get sms alerts if possible, check your balance daily, don't visit dodgy websites, enable pop-up blocker, set security to disallow all cookies.

Have I missed anything?

ummmmm, browse in private mode or incognito

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.










×
×
  • Create New...