Home | How It Works | Guarantee | Privacy | Order Now | Search Unclaimed Money | Help

Online banking has a rat infestation.

Most of us know about phishing. Now it is time to learn about rats.

Computer criminals have recently become much more sophisticated in their attacks against online banks. The Internet is now becoming infested with RATs “remote access Trojans”, these programs feed on online banking passwords.

Trojan horse programs have traditionally garnered their way onto computers by posing as desirable free software, such as electronic greeting cards or file-sharing programs. The malicious programs are hidden, and just like the Greek soldiers hidden in the famous wooden horse, they jump out to attack once they are safely inside. Sometimes they are pushed onto computers without any interaction at all, through various software vulnerabilities. If this is the case, you would likely have no way of knowing your machine has been invaded and infested.

These new remote-access Trojans are designed specifically to lurk in the background, waiting until the unsuspecting user types the name of a well-known bank into a Web browser. Then, the program comes out of hiding and springs into action, copying every keystroke. The data is sent back to the criminal, who can now access the online bank.

Now that these programs are being discovered the number of distinct Trojan programs are decreasing. In October 2005, 170 distinct Trojan programs used to steal bank data was discovered and in January 2006, there were only about 30,

Specialized forms of spyware, now being called by other names like crimeware, ratware, and even bankware, worm their way onto victims’ computers in a number of ways. Some are inserted completely in silence, through an unpublished or unpatched software vulnerability. Others are hidden in Web sites on the Internet’s seedier side, such as pornography sites.

But unlike the known and somewhat familiar computer worms, these malicious programs do nothing to announce their presence (like send out copies of themselves to everyone in the victim’s address book). Instead, they lie in wait for the user to log onto the bank browser.

Security companies agree that such Trojans are popping up everywhere. Richard Stiennon, spokesman for anti-spyware maker Webroot, said his firm’s research indicates that 1 in 10 Internet-connected computers has a Trojan horse installed on it. While many of those infected computers are still protected by firewalls that prevent data from being sent outside the system, others are at immediate risk.

“Of all the threats we track, only one is increasing its presence in the enterprise: Trojan horses,” he said. “For harvesting (personal) information it’s more successful than phishing attacks.”

Why the shift to ratware? There is some evidence that phishing activity has finally peaked. Consumers may have finally gotten the message that e-mails which appear to be from major financial institutions are often fakes; so criminals have upped the ante, focusing their attention to the more sophisticated methods that don’t require a consumer mis-step.

This is part of the reason federal regulators instructed banks to come up with new, better ways to authenticate consumers — methods that go beyond the use of a simple user name and password that can easily be stolen. The Federal Financial Institutions Examination Council gave banks until next year to come up with improved methods.

Bank of America is already testing improved security in California. If a customer tries to access its site from a computer that’s not their usual, the Web site interrupts to ask a set of personal questions, such as “What was your first pet’s name?” The answers are supplied by the customer beforehand, when setting up the account.

Such personal questions wouldn’t stop the most determined of criminals — with a RAT program installed, the criminal could have spied the answer months earlier — but would raise the bar against criminals that simply steal user names and passwords.

Dutch banking conglomerate ING has another anti-keystroke logging technology on its Web site. Consumers have to type their pins by clicking with their mouse on a number keypad displayed on a Web page. Such clicks can’t be tracked by keyloggers.

However, criminals have managed to stay one step ahead, and there’s no reason they won’t continue invent new ways to get at your assets. We must continue to build a better mouse trap, in this case a RAT trap.

Are you looking for money? Search the internet to discover if you have any unclaimed property, it is better than hacking into others accounts. CashUnclaimed.com has the largest database for state and federal accounts, making your search simple and profitable.

Comments are closed.


Affiliate Program | How It Works | Guarantee | Privacy | Unclaimed Property Blog | Order Now | Media & Press Relations
Unclaimed Property Definitions | Unclaimed Money | Useful Money Links | Link To Us | State Property List | Help

Copyright © 2002 CashUnclaimed.com. All Rights Reserved. By use of this site you are specifically agreeing to
the terms of use posted on this site. You should click here to review them now.


When you perform a free trial search on CashUnclaimed.com we display the total dollar amount in unclaimed funds that we show reported by the appropriate government agencies. This does not guarantee that this money is 100% absolutely yours. What it means is that there is that total dollar amount shown by government agencies under your name and common variations of your name at the last time we had the information available to us was reported as unclaimed and is able to have a claim form submitted to be paid that amount. For more information please read our terms of use by clicking the link above.