Cyber-attack targets internet banking

You may have seen or heard in the news yesterday a warning about a cyber-attack which is due in two weeks.

What is it?
It is an infection known as “GameOver Zeus” which attackers use to intercept transactions during online banking sessions. It was reported by ESET (security software) in August 2010 that “3,000 online banking customers have become the latest victim of a Zeus Trojan Virus attack”. It is back in the news (BBC, Sky etc) because the UK’s National Crime Agency (NCA) and the US FBI have significantly disrupted the network used by this fraud operation. The NCA is advising that this disruption gives users a two week window to shore up their defences, after which the attackers operation may be back up to full strength.

Symptoms
The infection typically arrives as an email allegedly carrying an invoice. The user attempts to open the invoice and behind the scenes the infection installs itself. It may also carry the related infection “Cryptolocker” which locks users’ files. GameOver Zeus will intercept the logon procedure when starting an internet banking session. The user may be asked for additional security questions – the answers as well as passwords are passed to the attacker and the user fails to logon to their bank.

What actions should I take?
If you think your internet banking details may have been compromised then contact your bank and have your password and security information reset.

Now would be a very good time to review your system’s defences:

  • Ensure you have installed decent security software and that it is up to date.
  • Keep Windows and third party software up to date.
  • Don’t open email attachments unless you are sure they are legitimate. They may appear to from a genuine source e.g. your bank or a supplier.
  • Ensure you have a good backup configured which holds multiple generations of your important files.
  • Don’t store passwords on your computer unless they are encrypted.

If you suspect the infection has circumvented your security software then call Pronetic now on 01243 553605 and ask for Andy.