Most of us know about phishing. Now it is time to learn about rats.
Computer criminals have recently become much more sophisticated in their attacks against online banks. The Internet is now becoming infested with RATs, or “remote access Trojans,” programs that feed on online banking passwords.
Trojan horse programs have traditionally made their way onto computers by posing as desirable free software, such as electronic greeting cards or file-sharing programs. The malicious programs are hidden, and just like the Greek soldiers hidden in the famous wooden horse, they jump out to attack once they are safely inside. Sometimes they are pushed onto computers without any interaction at all, through various software vulnerabilities. If this is the case, you would likely have no way of knowing your machine has been invaded and infested.
These new remote-access Trojans are designed specifically to lurk in the background, waiting until the unsuspecting user types the name of a well-known bank into a Web browser. Then, the program comes out of hiding and springs into action, copying every keystroke. The data is sent back to the criminal, who can now access the online bank.
Now that these programs are being discovered, the number of distinct Trojan programs is decreasing. In October 2005, 170 distinct Trojan programs used to steal bank data were discovered, and in January 2006, there were only about 30,
Specialized forms of spyware, now being called by other names like crimeware, ratware, and even bankware, worm their way onto victims’ computers in a number of ways. Some are inserted completely in silence, through an unpublished or unpatched software vulnerability. Others are hidden in Web sites on the Internet’s seedier side, such as pornography sites.
But unlike the known and somewhat familiar computer worms, these malicious programs do nothing to announce their presence (such as sending out copies of themselves to everyone in the victim’s address book). Instead, they lie in wait for the user to log on to the bank in the browser.
Security companies agree that such Trojans are popping up everywhere. Richard Stiennon, spokesman for anti-spyware maker Webroot, said his firm’s research indicates that 1 in 10 Internet-connected computers has a Trojan horse installed on it. While many of those infected computers are still protected by firewalls that prevent data from being sent outside the system, others are at immediate risk.
“Of all the threats we track, only one is increasing its presence in the enterprise: Trojan horses,” he said. “For harvesting (personal) information it’s more successful than phishing attacks.”
Why the shift to ratware? There is some evidence that phishing activity has finally peaked. Consumers may have finally gotten the message that e-mails which appear to be from major financial institutions are often fakes, so criminals have upped the ante, turning their attention to more sophisticated methods that don’t require a consumer misstep.
This is part of the reason federal regulators instructed banks to come up with new, better ways to authenticate consumers, methods that go beyond the use of a simple user name and password that can easily be stolen. The Federal Financial Institutions Examination Council gave banks until next year to come up with improved methods.
Bank of America is already testing improved security in California. If a customer tries to access its site from a computer that’s not their usual one, the Web site interrupts to ask a set of personal questions, such as “What was your first pet’s name?” The answers are supplied by the customer beforehand, when setting up the account.
Such personal questions wouldn’t stop the most determined of criminals (with a RAT program installed, the criminal could have spied the answer months earlier) but would raise the bar against criminals who simply steal user names and passwords.
Dutch banking conglomerate ING has another anti-keystroke-logging technology on its Web site. Consumers have to enter their PINs by clicking with their mouse on a number keypad displayed on a Web page. Such clicks can’t be tracked by keyloggers.
However, criminals have managed to stay one step ahead, and there’s no reason they won’t continue to invent new ways to get at your assets. We must continue to build a better mousetrap, in this case a RAT trap.