Saturday, 01 October 2011

Warning: Virus Stealing E-Banking Passwords

The Association of Banks in Singapore (ABS) has issued a warning that a computer virus is stealing online banking passwords.

The non-profit industry body said there have been 'a few cases' of Internet banking customers whose computers were infected by the malicious software called SpyEye.

It is not known how many were affected and what their losses were. The ABS and banks contacted by The Straits Times did not want to provide details.

This is the first time the association is issuing a warning on behalf of its more than 100 member banks in Singapore. It said that an 'unusually large' number of consumers had complained about suspicious online activities in the past three weeks.

SpyEye, which appeared in late 2009, infects Internet browsers and modifies webpages on users' computers to steal valuable information like banking log-in names, passwords and credit-card data. In the first half of this year, it infected at least 2.2 million computers worldwide, according to United States-based network security firm Damballa.

A variant created to target banks in Singapore surfaced three weeks ago, according to security experts. It gets into computers when users visit infected websites, open infected e-mail or attachments, or download files from social-networking sites like Facebook and Twitter.

This SpyEye variant, like its other permutations, waits for the user to access his online banking account. After he enters his username and password on a legitimate banking website, a message may pop up, indicating that the transaction 'may take 1-10 minutes to complete' or that 'security verification is in progress'.

This is a sign that SpyEye is intercepting the transaction to steal banking log-in names and passwords.

It may also lead users to an altered banking webpage - after they have accessed an authentic banking site - where they are asked to enter their username, password and one-time password (OTP).

The bank, unaware that its customer's computer is infected, will send the OTP - received as an SMS or on security tokens - after the user keys in his username and password. Once the OTP is entered on the altered banking webpage, SpyEye modifies the transaction.

For instance, the user may have wanted to transfer $1,000 from his account to account A. SpyEye can rewrite the transaction and transfer $10,000 to account B, where a hacker can access the money.

Banks have advised customers suspecting something amiss to immediately log out from the banking site, close their Internet browsers and contact them.

Victor Keong, a partner and practice leader for information protection and business resilience at consultancy firm KPMG, advised users to update their security software.

Some banks also require users to enter another OTP for transactions above a certain value, say, $500. This will limit the damage, Keong said, noting that malicious software would need to be more complex to steal subsequent OTPs.

Ronnie Ng, senior manager of systems engineering at security software firm Symantec Singapore, thinks banks can do more. "OTP is only part of a much larger authentication solution," he said.

He suggested that banks can send the details of a transaction - for example, how much is transferred to which account - to users via SMS. This is so they are not tricked into approving a transaction they initiated but which was subsequently modified by the software.
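The SMS confirmation Ng describes, sketched as an added example (not from the article or any bank's system): the bank derives the SMS code from the transaction details it actually received, so a code issued for one transfer cannot approve a rewritten one. The key, field names, sample values and HOTP-style truncation are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the article's sources).
BANK_KEY = b"per-customer secret held only by the bank"
INTENDED = {"src": "user-acct", "dst": "A", "cents": 100_000, "nonce": "r1"}
REWRITTEN = {"src": "user-acct", "dst": "B", "cents": 1_000_000, "nonce": "r1"}


def canonical(txn):
    """Serialise the fields in a fixed order so issue and check hash the same bytes."""
    return "|".join(str(txn[k]) for k in ("src", "dst", "cents", "nonce")).encode()


def confirmation_code(key, txn, digits=6):
    """Short code bound to the transaction: HMAC-SHA256, truncated HOTP-style."""
    mac = hmac.new(key, canonical(txn), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def sms_text(key, txn):
    """What the bank sends out of band: the details it received plus the code."""
    amount = f"${txn['cents'] // 100:,}.{txn['cents'] % 100:02d}"
    return f"Transfer {amount} to account {txn['dst']}. Code {confirmation_code(key, txn)}"


def approve(key, txn_to_execute, code_entered):
    """Execute only if the code matches the transaction about to be executed."""
    return hmac.compare_digest(confirmation_code(key, txn_to_execute), code_entered)


if __name__ == "__main__":
    code = confirmation_code(BANK_KEY, INTENDED)
    print(sms_text(BANK_KEY, INTENDED))
    print("intended transfer approved:", approve(BANK_KEY, INTENDED, code))
    # A transfer rewritten after the code was issued no longer matches it.
    print("rewritten transfer approved:", approve(BANK_KEY, REWRITTEN, code))
    # A transfer rewritten before submission shows up in the SMS text itself.
    print(sms_text(BANK_KEY, REWRITTEN))
```

The check only helps if the user reads the amount and account in the SMS before typing the code, since the phone is the one channel the infected browser does not control.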

To address that problem and protect your PC from the virus, you can use some of the antivirus software below as a backup in case that happens to you.
Article Source: Thejakartaglobe.com
