New Botnet Discovered in Belgium
Internet security firm "Trend Micro" has recently discovered a new botnet over the Web in Belgium.
Giving reference of an article in the Belgian newspaper "De Tijd," Trend Micro's Senior Security Advisor 'Rik Ferguson' claimed that the bot hit the systems of customers of banks Dexia, KBC and Argenta between April and May 2007, as per the news by v3 on June 20, 2010.
Ferguson further said that after stealing usernames, passwords and online trade sharing platforms, the highly refined attack succeeded to "automate stock trades across the botnet."
He also added that the hackers certainly gained huge profit from the sharp changes in stock prices of the penny stocks manipulated by dealing (buying and selling) in their own shares at precisely the right time in classic pump-and-dump techniques.
In addition, Ferguson suggests that banks should be more careful of authentication method for their customers aimed at verifying the transaction in place of the user.
Hein Lannoy, Spokesperson of Belgian Banking, Finance and Insurance Commission (CBFA) responded that after the hacking in July 2007, no more similar incidents happened in the country, as per the reports by countermeasures.trendmicro in the third week of April 2010.
Lannoy also added that in April 2009, they had sent a circular about improving the security standards of the financial institutions. Online banking services of Belgium are now well protected. He stated that there were no rules to execute their standards on foreign banks in their country.
But with these responses, Ferguson does not seem to be convinced. He said to a Belgium-based journalist that it appeared to him that almost all Belgian banks still offer classical two-factor authentication directed at verifying the users rather than the transaction. Although this technique would surely prevent this bot in its present form, it will definitely fail in longer run.
Ferguson stated that banking malware had developed to such a stage where it could even surpass multiple factor user authentications.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 29-06-2010