The Simon Tonekham Statesman

To all bank account holders out there (and to those who rely on Online Banking), there’s a new trojan creeping up and you (and your entire bank balance) may never know it until the damage it has done. The new trojan (a similar manner like a virus) called “Silentbanker”, targets many financial institutions worldwide even those in Canada. This particular trojan can intercept transactions that require certain steps and then quietly change the bank details of the user and transfer that into the hacker’s own account.

This particular trojan uses the bank’s genuine (valid) website as part of the attack. Traditional hackers looking for access set up fake (phony) websites designed to look the same way as the online banking website. This is just like the same manner as “Phishing” (No, this term has nothing to do with the band Phish, which coincidentally is one of Bobby’s favourites), in which e-mails are set up to look like the same thing and the user won’t go unaware until the damage is done…..

I usually avoid phishing sites by installing an alternative web browser such as Mozilla Firefox and then add some extensions to enhance my user experience such as the NetCraft toolbar and McAfee’s SiteAdvisor. Here are some tips to avoid a potential victim of this latest fraud:

• Update all security software (Anti-Virus, Spyware)
• Check to see if there is a fix for a particular web browser (in this case Internet Explorer) or go to Mozilla Firefox
• Make sure you have a firewall installed on your system (hardware or software). I highly recommend ZoneAlarm’s Free Firewall (or if you prefer, you can spend the extra money on investing a “hardware firewall” such as AlphaShield. If you have an old computer lying around, you can use it as your own Hardware Firewall and using a special Linux distrobution (ClarkConnect, IPCop), but although I wouldn’t recommend going to the old PC turned into a hardware firewall route because you will have an impact on your hydro bill if you intend to run it all the time – it also create some problems with your hardware and eventually, a fire hazard.
• If you have a broadband (Cable/DSL) router that has a built in firewall, use it. But for maximum protection, I highly recommend installing a software firewall in conjunction of a hardware firewall. If you want to test your PC for securability, then I highly recommend going to GRC lab’s Shields UP! test, which you can do it for free – in your web browser. No extra software needed.
• Consider getting an Anti-Spyware application (program). The free programs I recommend are Ad-Aware, Spybot and Windows Defender.

If you do suspect that you are a victim of fraud, report to your financial institution immediately. They will often reimburse you for the loss. The same matter goes to your credit card company, if you realized that you didn’t make the purchase, you will not be held responsible for that purchase (some conditions may apply for Visa, MasterCard, American Express, Discover cardholders) – that’s the Zero liability policy.

We all have to be vigilant to all of our surroundings, guys. You must protect your precious assets – your bank account.

References:

http://www.canada.com/topics/technology/story.html?id=0e8222a8-aa09-406b-be1c-0bce3e7a2a8b&k=48015 

http://www.cbc.ca/technology/story/2008/01/17/tech-trojan-banker.html 

http://news.google.ca/news/url?sa=t&ct=ca/0-0&fp=478fa5564f552b94&ei=z_uPR4C1Comk-wHwyqyvCA&url=http%3A//m-net.net.nz/2157/latest-news/latest-news/trojan.silentbanker-defeats-2-factor-authentication-attacks-400-b.php&cid=0