Robert Siciliano Identity Theft Expert

CNET reports Researchers at security firm Finjan have discovered a new type of banking Trojan horse that doesn’t just steal your bank log in credentials but actually steals money from your account while you are logged in and displays a fake balance.

The virus known as URLZone is controlled by servers in the Ukraine and steals money from the users account based on how much is actually in the account live in realtime when you are logged in. URLZone targets Firefox, Opera and the last three versions of Internet Explorer.

Currently the exploit is only affecting computers in Germany; however this is probably the most sophisticated worm of its kind to date. And it’s only a matter of time until it spreads further.

White hat hackers are struggling to stay one step ahead of the criminals. There are more ways to compromise data today than ever before. Viruses quadrupled in one year, from just over 15,000 in 2007 to nearly 60,000 in 2008. Black hat hackers are out in full force.

Like most viruses today, the URLZone generally infects a PC when the user clicks a link or visits an infected site. Once the virus is installed it sits waiting for the user to bank online. That’s when it goes to work.

While the user is banking online the virus is actually communicating in the background with the banks server. Transactions are being processed and the user doesn’t see any of it happening. Frankly, this doesn’t even sound possible to me. But it’s happening.

The virus erases its tracks by displaying a bank balance on the infected computer that doesn’t show the amount stolen. The victim will only recognize a discrepancy in their balance when using an uninfected computer, getting a paper statement or when they use an ATM. Otherwise when checks start to bounce.

The sophistication of the criminal hacker has risen to a level that the virus hijacks the victim’s browser then steals the money during and online banking session, and then covers its tracks by modifying information displayed to the victim, all in real time. This is not good.

Recently a couples bank account was compromised as a result of their own insecurity. The bank claimed no responsibility and held the couple accountable for the loses. Now they are suing the bank. Depending on how this case pans out, you may be held responsible for the loss if you’re hacked.

1. Make sure your anti virus up to date and set to run automatically.

2. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

3. Update your operating systems critical security patches automatically

5. Check your bank statements often, online, at least once a week.

6. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

Be Sociable, Share!