What we can all learn from the latest Zeus v3 Trojan bank theft incident
ComputerWeekly.com has an interesting story about how £675,000 ($1,052,385) was taken from 3,000 bank accounts in the UK. According to a report by M86 Security, the hackers used the Eleonore Exploit Kit, which leverages old vulnerabilities in Internet Explorer, Adobe Reader and the Java Development Kit. The compromise techniques include “Infecting legitimate websites with malware, Creating fraudulent online advertisement websites and Publishing malicious advertisements among legitimate websites.” This is what we can all learn from this incident:
1. Make sure your software is up-to-date. Although a lot of software has self-updating features these days, don’t assume the feature is working properly. Use something like Secunia’s free Personal Software Inspector (PSI) to verify that your software is in fact up-to-date. Also go to the Windows Update site, because the automatic update feature may be malfunctioning.
2. Anti-malware isn’t always effective. I’ve stated this before and so does the article. Hackers aren’t stupid – they know they need to test their malware to ensure it isn’t detected by anti-malware software. In spite of the fact that anti-malware isn’t always effective, people still need to use it and keep it up-to-date to protect themselves from known malware with a known signature. Also keep in mind that, because each anti-malware product is unique and not all anti-malware software publishers know about all signatures, detection rates vary from product to product – so no single product can detect all malware.
3. Many banks are not helping people prevent their accounts from being hacked. Yup, you read that right. Banks need to provide much more information to consumers about the inherent threats and risks of using online banking. All the banks in my area have no information about malware, key loggers or Trojans. If you’re concerned that you’re underinformed, go to GetSafeOnline.com and read the beginner’s guide.
4. Many banks do not account for Trojans on a consumer’s computer. Banks often tout the security of their online banking Websites by stating that their system remembers what computer a person uses. As is documented in the M86 report, this no longer matters. Instead of using a user’s stolen credentials on a different computer, the stolen credentials are used by the Trojan on the victim’s computer, rendering the security feature completely worthless.
5. Use Ubuntu’s Live CD to do online banking. Using a Live CD takes you completely out of the Windows environment where malware may reside despite your best efforts. Yes, it’s Linux, but you just need to start up Firefox once the operating system comes up and you’ll be in a familiar environment. Creating the CD is easy: just burn it from the downloaded ISO image. Then, every time you need to do online banking, just boot off of the CD: restart the computer, press the F12 function key during your computer’s start-up process before the Windows loader screen appears, and select the boot from CD/DVD option. Brian Krebs recommends using a Live CD (Washington Post, October 2009).
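A Live CD only helps if the ISO you burn is the genuine image, so it is worth checking the download before burning it. The script below is an added example, not part of the original post: it assumes you saved the `SHA256SUMS` file that Ubuntu publishes alongside its ISO images, and the function names are illustrative.

```python
import hashlib
import hmac
import sys
from pathlib import Path

HEX = set("0123456789abcdefABCDEF")


def parse_sha256sums(text):
    """Map file name -> lowercase hex digest from a SHA256SUMS-style listing."""
    digests = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        digest, name = parts
        if name.startswith("*"):  # "*" marks binary mode in sha256sum output
            name = name[1:]
        if len(digest) == 64 and set(digest) <= HEX:
            digests[name] = digest.lower()
    return digests


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large ISO is never held in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_iso(iso_path, sums_text):
    """Return True only if the ISO's digest matches its entry in the listing."""
    expected = parse_sha256sums(sums_text).get(Path(iso_path).name)
    if expected is None:
        return False  # no entry for this file name: treat as unverified
    return hmac.compare_digest(sha256_of_file(iso_path), expected)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_iso.py <image.iso> <SHA256SUMS>")
    ok = verify_iso(sys.argv[1], Path(sys.argv[2]).read_text())
    print("OK: checksum matches" if ok else "MISMATCH: do not burn this image")
    sys.exit(0 if ok else 1)
```

A match shows the download is intact relative to the checksum file, so fetch that file over HTTPS from the official release page rather than from the same mirror as the ISO.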
Many people don’t do online banking because they are worried about it being insecure – and if they aren’t proactive about security, they’re absolutely right. This applies to PayPal and other financial Websites as well.
If you’ve been remiss about being proactive about computer security, you should really consider reformatting your hard drive, reinstalling all your software and bringing everything up-to-date. Start off with a clean computer and make the effort to keep it that way. Be smart and be safe online.
Find all of this fascinating? Want to learn about other reasons why we’re still having problems with hackers? Read my book!