- Sep 29 2009, 08:20 AM
Consumers still have concerns over the security of online banking, an expert has asserted. Editor's Note: But expertly tries to "calm their fears" by "falsely asserting" they can protect themselves by installing anti-virus software on their PC. Oh Contra ire! Mr. "Expert"...
Jacques Erasmus, director of malware research at Prevx, a security solutions provider, said he is regularly asked by internet users whether it is a safe option for them. "The simple answer to these questions is 'yes', in terms of convenience and ease-of-use, you should use these services and I personally do." However, he stressed the need to "stay secure" while using such services.
Mr. Erasmus added that consumers looking to protect themselves against identity fraud and other risks should ensure they install anti-virus software on their PC and take a layered approach to security. By making full use of anti-malware products, internet users will be able to detect new and emerging threats promptly, he concluded.
Oh really? That's not the information I got. According to the information provided below from Trusteer, Clampi and Zeus can bypass anti-virus programs 77% of the time... Here you go Mr. Erasmus...
"There is an online banking Trojan out there that is bypassing up-to-date anti-virus programs as much as 77% of the time, according to security company Trusteer."
The Zeus Trojan is also known as Zbot, WSNPOEM, NTOS and PRG. It is the most prevalent financial malware on the web, Trusteer says. (Editor's Note: Others say it's Clampi)
According to Trusteer: "When we set out to measure the efficiency of anti-virus products in the wild against Zeus, we had no idea what kind of results we would get," said Amit Klein, CTO of Trusteer and head of the company’s research organization.
"The findings, that up-to-date anti-virus programs were only effective at blocking Zeus infections 23 percent of the time, are disturbing.
This is bad news for consumers and banks, since the vast majority of Zeus infections are going unnoticed."
Zeus is a financial malware. It infects consumer PCs, waits for them to type their username and passworrd when they log onto a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in in real time. Yes..."real time" meaning OTP's (one-time-passcodes) are even problematic as the bad guys get them the same time you do and can log-in and cash out.
Additionally, it may inject HTML into the pages rendered by the browser, so that its own content is displayed together (or instead of) the genuine pages from the bank’s web server. Thus, it is able to ask the user to divulge more personal information, such as payment card number and PIN, one time passwords and TANs, etc. Translation: Zeus can modify web pages from the genuine bank's servers in the user's browser. Of course, if you didn't type it...they couldn't swipe it!
Oh...and if you are adamant about making sure you stay up to date with the latest Anti-Virus Software, take a graphic look at how much that helps! (above right)
Additionally, it may inject HTML into the pages rendered by the browser, so that its own content is displayed together (or instead of) the genuine pages from the bank’s web server. Thus, it is able to ask the user to divulge more personal information, such as payment card number and PIN, one time passwords and TANs, etc. Translation: Zeus can modify web pages from the genuine bank's servers in the user's browser. Of course, if you didn't type it...they couldn't swipe it!
Oh...and if you are adamant about making sure you stay up to date with the latest Anti-Virus Software, take a graphic look at how much that helps! (above right)