The Computer Clarity Blog

Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the internet. The accessibility of the internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage’s database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code.

Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks. With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk.

How can you protect yourself?

* Research your investment opportunities - Take advantage of resources such as the U.S. Securities and Exchange Commission’s EDGAR database and your state’s securities commission (found through the North American Securities Administrators Association) to investigate companies.

* Be wary of online information – Anyone can publish information on the internet, so try to verify any online research through other methods before investing any money. Also be cautious of “hot” investment opportunities advertised online or in email.

* Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.

* Conduct transactions on devices you control – Avoid conducting transactions on public resources such as internet kiosks, computers in places like libraries, and other shared computers and devices. Other users may introduce security risks.

* Make sure that your transactions are encrypted – When information is sent over the internet, attackers may be able to intercept it. Encryption prevents the attackers from being able to view the information.

* Verify that the website is legitimate – Attackers may redirect you to a malicious website that looks identical to a legitimate one. They then convince you to submit your personal and financial information, which they use for their own gain. Check the website’s certificate to make sure it is legitimate.

* Monitor your investments – Regularly check your accounts for any unusual activity. Report unauthorized transactions immediately.

* Use strong passwords – Protect your computer, mobile devices, and accounts with passwords that cannot easily be guessed. Use different passwords for each account.

* Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. However, because attackers are continually writing new viruses, it is important to keep your virus definitions current.

* Use anti-spyware tools – Spyware is a common source of viruses, and attackers may use it to access information on your computer. You can minimize the number of infections by using a legitimate program that identifies and removes spyware.

* Keep software up to date – Install software updates so that attackers can’t take advantage of known problems or vulnerabilities. Enable automatic updates if the option is available.

* Evaluate your security settings – By adjusting the security settings in your browser, you may limit your risk of certain attacks.

By Daily Mail Reporter
Last updated at 2:11 PM on 11th August 2010

• Trojan is still at large and may strike again, experts warn
• Bank affected has still not been named

Thousands of British online banking customers have fallen victim to a sophisticated attack by cyber criminals who have stolen thousands of pounds from their accounts.

About 3,000 online banking customers have been victims of a computer virus attack that empties their accounts while showing them fake statements so the scam goes undetected.

Experts have described the attack using a ‘Trojan’ virus as the most sophisticated and dangerous malware program ever created.

The cyber criminals stole an estimated £675,000 between July 5 and August 4 and the attack is still progressing, experts warn.

Out of action: The new Trojan virus can empty bank accounts without their owners knowing about the theft as it shows them fake statements

The latest virus is a variant of the Zeus Trojan banking virus which first emerged three years ago and is called Zeus v3. 

M86 Security said: ‘We’ve never seen such a sophisticated and dangerous threat. Always check your balance and have a good idea of what it is.’

The scam was discovered after M86 gained access to the command-and-control server in Eastern Europe running the thefts.

How to protect yourself from Trojans when banking online

• Make sure your anti-virus software is up to date.
• Keep firewalls set to the highest level.
• Never open an e-mail attachment from someone you don’t know.
• Never double-click on an e-mail attachment that ends in .exe. It is an ‘executable’ file and can do what it likes in your system.
• If you think your machine has already been infected, contact your bank immediately. If the bank thinks you are a genuine victim of fraud it will reimburse you.

It collects data such as passwords and even transfers money out of accounts automatically, but only after checking if there is at least £800 available.

Bradley Anstis, M86 vice-president of technology strategy, said: ‘This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software.’

The company said it was the most-sophisticated and dangerous virus yet seen and advised online banking users to check their balances regularly and have a good idea of what it should be. 

British high street banks do not believe they have become victims of the cyber criminals.

A spokesman for HSBC said: ‘There are millions of viruses and other malicious software.

We urge people to take basic measure to protect themselves from virus attacks.

Any customer who is a victim of fraud will be reimbursed by HSBC.’

However, M86 said it believed one high street bank was breached and failed to act quickly after warnings last month.

More than 100,000 PCs in Britain have been infected with other forms of the Trojan virus.

McAfee Inc, the security software maker, said production of software code known as malware, which can harm computers and steal user passwords, reached a new high in the first six months of 2010.

McAfee said total malware production continued to soar and 10 million new pieces of malicious code were catalogued.

What is a Trojan?

• A Trojan is a type of computer virus that infects your PC
• It is called a Trojan because it will disguise itself as a useful application but when installed can take control of a user’s computer
• It can let a hacker take control of your computer or simply wipe the hard drive
• It can also be used to install key logging software which will let the hacker know what you are typing and give him access  to your passwords
• Trojans are now the most popular form of computer virus or ‘malware’

It also warned users of Apple’s Mac computers, considered relatively safe from virus attacks, that they may also be subjected to malware attacks in the future.

‘For a variety of reasons, malware has rarely been a problem for Mac users. But those days might end soon,’ a spokesman said.

‘Our latest threat report depicts that malware has been on a steady incline in the first half of 2010,’ Mike Gallagher, chief technology officer of Global Threat Intelligence for McAfee, said in the report that was obtained by Reuters.

Last year £59.7million was lost to online banking fraud, according to Financial Fraud Action UK.

Another £440million was lost to credit card fraud.

And the problem is said to be on the rise, with criminals attacking banks’ customers rather than the banks themselves as they are seen as softer targets.

A Financial Fraud Action UK spokeswoman said: ‘The idea that criminals are targeting people by using malicious software or Trojans is nothing new.

Bank systems are hard to attack so they have to go through the easier link in the chain, which is the customers.

They’re hoping customers aren’t taking security precautions. We’ve been seeing this for the last few years and we’re constantly urging people to protect their computers to try to mitigate the risk of becoming a victim.’

Victims of online banking fraud are generally refunded the money.

Computer Clarity

These emails, which appear to come from seemingly legitimate law firms, indicate that someone has filed a copyright lawsuit against the message recipient. The messages may contain malicious attachments or web links. If a user opens the attachment or follows the link, malicious code may be installed on the user’s system.

Overview

An email is being sent out warning the recipient of a “Copyright Lawsuit filed against you.”  We received a copy here and a number of .EDUs has reported its receipt.  It looks something similar to:

March 24, 2010
Crosby & Higgins
350 Broadway, Suite 300
New York, NY 10013

To Whom It May Concern:

On the link below is a copy of the lawsuit that we filed against you in court on March 11, 2010.
Currently the Pretrial Conference is scheduled for April 11th, 2010 at 10:30 A.M. in courtroom #36.
The case number is 3485934. The reason the lawsuit was filed was due to a completely inadequate response from your company for copyright infringement that our client Touchstone Advisories Inc is a victim of Copyright infrigement
hXXp://www.touchstoneadvisorsonline.com/lawsuit/suit_documents.doc
Touchstone Advisories Inc has proof of multiple Copyright Law violations that they wish to present in court on April 11th, 2010.

Sincerely,

Mark R. Crosby
Crosby & Higgins LLP

The law-firms named in the email, header, and sending server all appear to be a mish-mash of existing firms.

If a user clicks on the link and opens the document it will attempt to download additional payload.

Initial Detection

Currently only a few AV solutions detect the initial document: http://www.virustotal.com/analisis/9b762ff9d2103022bf1476f2c55db91475f31526522716e827875801f92a0d87-1269486837

Behavioral Notes

Following Daniel’s process (http://isc.sans.org/diary.html?storyid=6703) one could extract the executable and determine what it’s up to.

It appears to reach out to 121.14.149.132:80 to make a request similar to:

GET /fwq/indux.php?U=1234@1014@1@0@0@c791d4a4a147b2cd1843fe4f7f27f3a1df63f95daf0c3ddcd5f1b1e4538fd803

Computer Clarity

As has become tradition, PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- has published its 2009 Virus Yearbook, reviewing the malicious codes that have appeared over the last 12 months and examining those that have stood out for one reason or another.
Rather than a ranking of the most widespread viruses, or those that have caused most infections, PandaLabs has selected those which, either for their use of social engineering or their visible effects on computers, stood out most last year. For this reason, some of the more well-known malicious codes (such as the Koobface virus) are absent from the list.

So here are the viruses we believe deserve a mention:

- The biggest headache. There can be no doubt that Conficker.C has been the most obnoxious virus over the last 12 months. It first appeared on December 31, 2008, and has spent the last year causing serious infections to companies and home users alike. The insidious and tenacious nature of this malicious code has earned it first place in our ranking.

- The Harry Potter of viruses. Although there is no reference to the world’s most popular fictional wizard, the on-screen messages Samal.A displays are all about magic. When it infects a computer, users will see the message “Ah ah you didn’t say the magic word” (see photo on Flickr), and the cursor then flickers waiting for users to enter a word. The truth is, it doesn’t matter what is entered, because after three attempts, the phrase “Samael has come. This the end” (see photo here), will be displayed and the computer is restarted.

- V for Vendetta. We still don’t know who is the real target of this vendetta, but DirDel.A wreaks vengeance on infected users, progressively replacing folders in different directories with copies of itself. The worm is carried in a file called Vendetta.exe with a typical Windows folder icon (see photo on Flickr).

- Plane nuisance. The Sinowal.VZR Trojan has infected thousands of computers under the guise of plane tickets supposedly purchased by the user (see photo on Flickr).

- The all-action virus. We are talking about Whizz.A. Once infected, computers will start emitting a series of beeps, the mouse pointer moves uncontrollably around the screen, the CD/DVD tray opens and closes, while the screen is ‘decorated’ with a row of bars like those in the image.

- The snooper. Waledac.AX ensnares its victims by claiming to offer a free application for reading SMS messages on anyone’s cell phone. Ideal for those that want to check up on their partners. Perhaps that’s why so many users fell victim to this intelligent virus.

- The most affectionate. BckPatcher.C tops this category, as it changes the desktop wallpaper to an image reading “virus kiss 2009” (see photo on Flickr. What a charmer!

- A touch of the sniffles. We couldn’t fail to mention here a couple of the viruses,WinVNC.A and Sinowal.WRN that used the widespread alarm surrounding swine flu to trick users and infect their systems.

- And the award for incompetent newcomer goes to… Ransom.K. This Trojan encrypts documents on infected computers, and then asks for a $100 ransom to release them. However its reator, probably lacking in experience, included a programming error which allows users to release the files with a simple key combination.

- The most deceitful. This year, the winner in this category is FakeWindows.A, which infects users by passing itself off as a license activation process for Windows XP.

- The party animal. Banbra.GMH arrives in an email promising photos of Brazilian parties (with dancing girls included)… Who could resist?

Computer Clarity