Re: [infoguys-list] New PC virus doesn’t just steal your money
- In a message dated 1/9/2012 10:22:18 P.M. Pacific Standard Time,
New PC virus doesn't just steal your money – it creates fake online bank
statements so you even don't know it's gone
Daily Mail / UK
By Rob Waugh
6th January 2012
Crimeware steals passwords from your browser
Cyber criminals use your debit card details to drain your account
When you visit your bank, it adjusts figures so the criminal transactions
Attack has been used in U.S. and UK
The new SpyEye `trojan horse' software steals your card details – then
when you log into your online bank, it adjusts your balance so you don't
realise anything is wrong. It's already been found in the U.S. and the UK
A new version of the SpyEye `trojan horse' software not only steals your
money, it then offers false reassurance that it's still there.
When you visit your online bank, there will be no trace of the
transactions that cyber-criminals are using to empty your bank account.
Worse, your balance will also be adjusted on screen so it looks as if
nothing is happening.
The attack – on Windows PCs – has already been detected in the U.S. and
The software – which steals your bank passwords to give access to your
account – waits for you to enter the same banking details before `adjusting'
what you see.
The idea is that it gives thieves more time to use your debit card details
on fraudulent transactions without you realising it's happening.
The first you'll learn of the attack is your bank refusing you money, or a
paper statement showing you that cyber criminals have been draining money
out of your account.
The new version of SpyEye has targeted banks in the U.S. and the UK.
Trusteer, a security company which detected the attack, says, `The next
time the victim visits their online banking site, the malware hides the
fraudulent transactions, as well as artificially changing the total balance.'
Most photos reported to Facebook as `offensive' are just unflattering,
engineer reveals – and they won't help with that
Watch your wall: New Facebook attack has stolen passwords from 45,000
users – and could be spreading through infected links
`As a result, the deceived customer has no idea that their account has
been `taken over', nor that any fraudulent transactions have taken place.'
The software, a variant on a commonly used cyber attack, has been
`tweaked' so that as well as its usual attack – grabbing passwords and login
information from your web browser without you knowing, it also adjusts your
balance when you next visit your bank's web page.
`SpyEye is a tweak of the Zeus crimeware kit that grabs web form data
within browsers,' says the Naked Security blog at web security experts Sophos.
`This year, right before the recent holiday season, Trusteer found a
hopped-up version of SpyEye attacking banks in the U.S. and U.K.
`The new Trojan, instead of intercepting or diverting email messages,
hides bogus transactions even after users have logged out and then logged back
into their accounts.'
`This version of SpyEye both hides the fraudulent transaction and masks
the amount of the transaction, putting forward a fake balance and ensuring
that victims are oblivious to anything being amiss.'
With hi-tech cyber attacks such as SpyEye, there are few visible signs
that anything is wrong.
There are defences, though – ensure your browser is up to date, manually
updating it if necessary.
You should also ensure that the `anti-phishing' option is switched to `on'
in Firefox, Chrome or Internet Explorer, which will check for
`blacklisted' websites and prevent your browser being directed to the `fake' version
that delivers your bank statement.
G.E. Investigations, LLC
AIM / ICQ: DetectiveGE
Certified Missing Persons Investigator
NRA Certified Firearms Instructor
NRA Certified RTBAV Instructor
"Giving you... Just the Facts!"
"Assisting you in those times of EXIGENT CIRCUMSTANCES…
When Waiting Isn't an Option!"
[Non-text portions of this message have been removed]