New PC virus doesn't just steal your money it creates fake online bank statements so you even don't know it's gone
Daily Mail / UK
By Rob Waugh
6th January 2012
Crimeware steals passwords from your browser
Cyber criminals use your debit card details to drain your account
When you visit your bank, it adjusts figures so the criminal transactions don't appear
Attack has been used in U.S. and UK
The new SpyEye `trojan horse' software steals your card details then when you log into your online bank, it adjusts your balance so you don't realise anything is wrong. It's already been found in the U.S. and the UK
A new version of the SpyEye `trojan horse' software not only steals your money, it then offers false reassurance that it's still there.
When you visit your online bank, there will be no trace of the transactions that cyber-criminals are using to empty your bank account.
Worse, your balance will also be adjusted on screen so it looks as if nothing is happening.
The attack on Windows PCs has already been detected in the U.S. and the UK.
The software which steals your bank passwords to give access to your account waits for you to enter the same banking details before `adjusting' what you see.
The idea is that it gives thieves more time to use your debit card details on fraudulent transactions without you realising it's happening.
The first you'll learn of the attack is your bank refusing you money, or a paper statement showing you that cyber criminals have been draining money out of your account.
The new version of SpyEye has targeted banks in the U.S. and the UK.
Trusteer, a security company which detected the attack, says, `The next time the victim visits their online banking site, the malware hides the fraudulent transactions, as well as artificially changing the total balance.'
Most photos reported to Facebook as `offensive' are just unflattering, engineer reveals and they won't help with that
Watch your wall: New Facebook attack has stolen passwords from 45,000 users and could be spreading through infected links
`As a result, the deceived customer has no idea that their account has been `taken over', nor that any fraudulent transactions have taken place.'
The software, a variant on a commonly used cyber attack, has been `tweaked' so that as well as its usual attack grabbing passwords and login information from your web browser without you knowing, it also adjusts your balance when you next visit your bank's web page.
`SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers,' says the Naked Security blog at web security experts Sophos. `This year, right before the recent holiday season, Trusteer found a hopped-up version of SpyEye attacking banks in the U.S. and U.K.
`The new Trojan, instead of intercepting or diverting email messages, hides bogus transactions even after users have logged out and then logged back into their accounts.'
`This version of SpyEye both hides the fraudulent transaction and masks the amount of the transaction, putting forward a fake balance and ensuring that victims are oblivious to anything being amiss.'
With hi-tech cyber attacks such as SpyEye, there are few visible signs that anything is wrong.
There are defences, though ensure your browser is up to date, manually updating it if necessary.
You should also ensure that the `anti-phishing' option is switched to `on' in Firefox, Chrome or Internet Explorer, which will check for `blacklisted' websites and prevent your browser being directed to the `fake' version that delivers your bank statement.
Direct Link: http://geinvestigations.com/blog/2012/01/new-pc-virus-doesnt-just-steal-your-money-it-creates-fake-online-bank-statements-so-you-even-dont-know-its-gone/
G.E. Investigations, LLC
AIM / ICQ: DetectiveGE
Certified Missing Persons Investigator
NRA Certified Firearms Instructor
NRA Certified RTBAV Instructor
"Giving you... Just the Facts!"
"Assisting you in those times of EXIGENT CIRCUMSTANCES
When Waiting Isn't an Option!"