Malicious Software Attacking Online-Banking Customers

ABS, on 29th September, 2011, issued an alert to all online-banking consumers to watch out for one fresh e-threat, thus published Businesstimes.com.sg dated September 29, 2011.

It maybe mentioned that ABS represents an industry body that works without any profit motive for lobbying the banking customers' interest in Singapore. It further represents the Association's member banks' interests, establishes best practices as also advances the Singapore banking industry's proficiency.

Importantly, ABS cautions that certain instances have occurred wherein the computers of banking clients were contaminated with SpyEye the infamous Trojan virus.

It stated that every time a consumer attempted at accessing online-banking software of any bank via a contaminated PC, the Trojan introduced an intermediate beneficiary addition as well as funds-transfer that in reality was false.

The Association added that when consumers accessed an infected website, they took down unfamiliar files or opened malware-laced electronic mails and became exposed to the malicious software that could as well get sent via a social-networking website.

Moreover, when consumers used contaminated PCs for accessing online-banking software, they might also find one web-banner, which asserted it was examining if security configurations on the computers were right. Also, the login web-page from where the access was made would display a message that "1-10 minutes might be necessary for completing the transaction" alternatively "security verification was ongoing."

Furthermore, it might request to provide one more SMS alternatively token-based 'one time password' (OTP) alongside the normal username and password. But according to ABS, an authentic online banking site won't ever request an end-user to provide his OTP.

Additionally, consumers could as well be getting SMS notices concerning financial dealings they didn't request or initiate.

Thus ABS stated that consumers, who encountered any of the above dubious operations, required terminating the session for Internet banking, closing the Web-browser as also getting in touch with the bank, instantly. Businesstimes.com.sg published this.

ABS further suggested consumers for perusing SMS notices minutely along with updating their bank statements whenever an Internet transaction was done.

Finally ABS concluded that banks were becoming more vigilant and keeping track of dubious Internet operations for countering the above kinds of e-threats.

Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected

» SPAMfighter News - 10/10/2011