jko Posted December 2, 2013 Share Posted December 2, 2013 (This sounds a plug for Kaspersky, but the threat itself seems real) Neverquest Trojan: Built to Steal from Hundreds of Banks http://blog.kaspersky.com/neverquest-trojan-built-to-steal-from-hundreds-of-banks/ Neverquest is a new banking trojan that spreads itself via social media, email and file transfer protocols. It possesses the capacity to recognize hundreds of online banking and other financial sites. When an infected user attempts to login to one of the sites the trojan reacts by activating itself and pilfering its victim’s credentials. Neverquest then relays the stolen credentials back to a command and control server. Once there, the attackers can use the credentials to log into affected accounts via virtual network computing (VNC). VNC is essentially a shared desktop system, so the criminals basically use the victim’s computer to log into the victim’s online bank and perform the theft. It makes it quite impossible for the bank to distinguish legitimate users from criminals. Kaspersky Lab announced earlier this week that the trojan has infected thousands of user-machines but – as malware expert Sergey Golovanov explains – it has the potential to do much more damage throughout the holiday season because of its efficient and versatile self-replication features. In fact, back in 2009, the Bredolab malware used the same methods of distribution that Neverquest is currently using. Bredolab would eventually become the third most widely distributed piece of malware on the Internet. “When a user on an infected machine visits one of the sites on the list, the malware controls the browser’s connection with the server,” Golovanov explained in an analysis on Securelist. “Malicious users can obtain usernames and passwords entered by the user, and modify webpage content. All of the data entered by the user will be entered onto the modified webpage and transmitted to malicious users.” Once the attacker has control of a victim’s account, he can empty it completely into an account under his control. In many cases, however, Golovanov notes that the attackers are moving the stolen money through a series of victim accounts. In this way, they dump money from one victim’s account into another and repeat this process several times before directly obtaining the money themselves in order to make their activities difficult to trace. Attackers dump money from one victim’s account into another and repeat this process several times before directly obtaining the money themselves in order to make their activities difficult to trace. Neverquest is for sale on at least one underground forum. It only seems to affect users browsing with Internet Explorer and Mozilla Firefox, but Neverquest’s creators boast that it can be modified to attack “any bank in any country.” The malware also contains a feature that searches for specific banking-related keywords while the infected user surfs the web. If a user visits a site that includes these keywords, the trojan activates itself and begins intercepting user communications and sending them back to the attackers. If the site the victim is visiting ends up being a bank, the attackers add this new site to the list of sites that automatically trigger Neverquest. This update is then sent along through Neverquest’s command and control infrastructure to all other infected machines. Fidelity.com, the website of one of the world’s largest mutual fund investment firms, appears to be one of the trojan’s top targets according to the report. “Its website offers clients a long list of ways to manage their finances online,” Golovanov wrote on Securelist. “This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market, using the accounts and the money of Neverquest victims.” Neverquest is also designed to start harvesting data when an infected user visits any number of sites not related to finance, including Google, Yahoo, Amazon AWS, Facebook, Twitter, Skype and many more. “The weeks prior to the Christmas and New Year holidays are traditionally a period of high malicious user activity,” Golovanov wrote. “As early as November, Kaspersky Lab noted instances where posts were made in hacker forums about buying and selling databases to access bank accounts and other documents used to open and manage the accounts to which stolen funds are sent. We can expect to see mass Neverquest attacks towards the end of the year, which could ultimately lead to more users becoming the victims of online cash theft.” 2 Link to comment Share on other sites More sharing options...
Cloggie Posted December 3, 2013 Share Posted December 3, 2013 Will this trojan also work if you use OTP? Everytime I want to access my account or make a transfer I need to enter a password send to me mobile phone. Link to comment Share on other sites More sharing options...
falang07 Posted December 3, 2013 Share Posted December 3, 2013 of course OTP is preventing any real damage caused by such attempts Link to comment Share on other sites More sharing options...
infinity11 Posted December 3, 2013 Share Posted December 3, 2013 OTP = one time pass word. If they can access your email then they can access your account i suppose. BUT how do they get the funds OUT of the bank? That is unclear to me. I think online banking can be an EXTREME security threat. And it scares the shit out of me. How to best protect oneself? Link to comment Share on other sites More sharing options...
Bazt Posted December 3, 2013 Share Posted December 3, 2013 Set up an SMS for withdrawals from your bank Link to comment Share on other sites More sharing options...
MichaelJackson Posted December 3, 2013 Share Posted December 3, 2013 My banks and others I know of use the OTP to phone to actually allow transferring money out of the account. I would suggest hacking therefore for theft purposes is almost impossible unless they clone your phone too. Link to comment Share on other sites More sharing options...
sustento Posted December 3, 2013 Share Posted December 3, 2013 My bank requires me to use a card reader every time I initiate a transfer to a new payee. Link to comment Share on other sites More sharing options...
54321 Posted December 3, 2013 Share Posted December 3, 2013 Out of interest I watched a programme about card skimming in France, they ended saying that card fraud costs x, but the banks generate x times 2 by selling insurance, and thus they (the banks) are a net winner and have no reason to improve security, and thus reduce their overall profits by reducing the need for insurance. Once upon a time I would have thought this unbelieavable, but now I suspect it to be true. 1 Link to comment Share on other sites More sharing options...
thrilled Posted December 3, 2013 Share Posted December 3, 2013 The bad guys are thinking up new ways every day to try and get our money.It's going to get worse before it gets better. Link to comment Share on other sites More sharing options...
infinity11 Posted December 6, 2013 Share Posted December 6, 2013 Set up an SMS for withdrawals from your bank From an overseas account? Is that possible? Link to comment Share on other sites More sharing options...
Bazt Posted December 6, 2013 Share Posted December 6, 2013 Yes ,as long as you have it setup at your bank Sent from my GT-I8190N using Thaivisa Connect Thailand mobile app Link to comment Share on other sites More sharing options...
infinity11 Posted December 6, 2013 Share Posted December 6, 2013 Why do i doubt this? I will have to confirm it with them. Not even sure i want them to have my overseas number. but thanks Link to comment Share on other sites More sharing options...
regedit Posted December 6, 2013 Share Posted December 6, 2013 Set up an SMS for withdrawals from your bank From an overseas account? Is that possible? Generally yes, but I've noticed that for some banks the incoming SMS is blocked by the cell phone provider. 1 Link to comment Share on other sites More sharing options...
Gsxrnz Posted December 6, 2013 Share Posted December 6, 2013 Just don't open "iffy" emails or attachments, keep your security software up to date and functioning at its highest level, don't use public computers, keep off FB or any other social type sites that interact with each other or have potential to pass on viruses, change your bank passwords frequently, put transaction value limits on your internet banking, get sms alerts if possible, check your balance daily, don't visit dodgy websites, enable pop-up blocker, set security to disallow all cookies. Have I missed anything? 1 Link to comment Share on other sites More sharing options...
Jubes Posted December 6, 2013 Share Posted December 6, 2013 So this also applies to smartphone banking apps? Link to comment Share on other sites More sharing options...
muratremix Posted December 6, 2013 Share Posted December 6, 2013 Set up an SMS for withdrawals from your bank From an overseas account? Is that possible? Citi bank IPB provides OTP devices to generate passwords and still lets you use sms otp when you don't have that small device around. 1 Link to comment Share on other sites More sharing options...
54321 Posted December 6, 2013 Share Posted December 6, 2013 Yes. For absolute certainty, don't go on line ! Just don't open "iffy" emails or attachments, keep your security software up to date and functioning at its highest level, don't use public computers, keep off FB or any other social type sites that interact with each other or have potential to pass on viruses, change your bank passwords frequently, put transaction value limits on your internet banking, get sms alerts if possible, check your balance daily, don't visit dodgy websites, enable pop-up blocker, set security to disallow all cookies. Have I missed anything? Link to comment Share on other sites More sharing options...
attrayant Posted December 6, 2013 Share Posted December 6, 2013 (edited) Virus & malware makers should be skinned alive. Out of interest I watched a programme about card skimming in France, they ended saying that card fraud costs x, but the banks generate x times 2 by selling insurance, and thus they (the banks) are a net winner and have no reason to improve security, and thus reduce their overall profits by reducing the need for insurance. Once upon a time I would have thought this unbelieavable, but now I suspect it to be true. If the insurance is provided by a divested company, then I'm pretty sure that's the very definition of insurance fraud. I can't imagine any insurance company tolerating it. If the bank is indeed selling insurance to the same customers that it's allowing money to be stolen from, that seems flat-out illegal. The banks are essentially soaking their customers. I'm not familiar enough with French law to state anything certifiably, but it sure sounds like hokum. In the US, we have regulators that enforce laws against financial institutions that are keen on betting against their clients' interests. That was a big part of the mortgage crisis a few years back. Edited December 6, 2013 by attrayant Link to comment Share on other sites More sharing options...
PeterSmiles Posted December 6, 2013 Share Posted December 6, 2013 Set up an SMS for withdrawals from your bank From an overseas account? Is that possible? Generally yes, but I've noticed that for some banks the incoming SMS is blocked by the cell phone provider. And it is blocked for the reason that it can carry a hefty cost to receive that sms abroad. 1 Link to comment Share on other sites More sharing options...
attrayant Posted December 6, 2013 Share Posted December 6, 2013 I have mine (a credit union in the US) set up to send me email alerts. If you have a smartphone, that's an option. Also, if I log in from a new device, I have to validate a security image (select one picture out of a lineup of 20 or so) and answer two challenge questions. If I'm successful after all that, I feel like I've just won on Jeopardy! 1 Link to comment Share on other sites More sharing options...
infinity11 Posted December 7, 2013 Share Posted December 7, 2013 Just don't open "iffy" emails or attachments, keep your security software up to date and functioning at its highest level, don't use public computers, keep off FB or any other social type sites that interact with each other or have potential to pass on viruses, change your bank passwords frequently, put transaction value limits on your internet banking, get sms alerts if possible, check your balance daily, don't visit dodgy websites, enable pop-up blocker, set security to disallow all cookies. Have I missed anything? ummmmm, browse in private mode or incognito Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now