Banking Malware – How Safe are we in Online Banking?

What Is Online Banking Fraud?

Online Fraud is the act of committing a financial fraud which has a digital footprint. Some of the key frauds are business opportunity fraud, Charity donation fraud, Domain name scams, Identity fraud and Mass marketing fraud. Scammers most frequently use Malware, Trojans, Phishing and Vishing to carry out such attacks. These acts by cyber criminals tend to siphon off financial, personal or intellectual property data of any individual or organization. Ransomware based malwares are created with the sole intention to extort money from their victims.

If you are targeted with hoax e-mails, which appear to be genuine bank emails, then you need to be alert enough to respond to such e-mails. These e-mails ask you about the security details, hence, you need to be ensure that your logging into the authentic banking site. Banks never send any e-mails to the customers to get the confidential details. Thus it is better to stay alert! Sometimes, the purpose of the websites is to obtain your credentials to access your financial accounts. Alternatively, these websites may ask you to install software from any link given in the page. By downloading the software you are in fact tricked into downloading a virus.

Malware is an all sorts of malicious and harmful software. Unrequested and undetected, it succeeds in installing itself on your computer. Malware influences normal computer processes and steals information. Fraudsters use malware to get money out of your account as well as to commit identity theft.

If computer is infected by Malware that will sends information to your bank that is different from that which you intended – for example the recipient of a payment. Malware could also introduce additional  data fields in an otherwise genuine site, by injecting additional code into your browsing session within your browser.

How Malware Spreads?

While visiting a website, you may get a pop-up which states that it has found a virus on your computer; and exhorts to install a free trial of a virus scanner or run an online scan of your computer.

You get an e-mail that appears to be from your bank with the request to install the attached update to plug into a hole in their internet banking security. This can also happen when you find a video on the internet. In order to play it, you have to install a special plug-in which in itself is malicious.

Naturally not every download contains malware, but it is definitely the case that malware is often downloaded along with unknown files from the internet.

Ransomware is a form of malware that gives criminals the ability to encrypt the files on a computer – then display a window informing the owner that it will not be decrypted until a sum of money is paid. The best-known variety of ransomware in recent times is called CryptoLocker.

CryptoLocker is one of the nastiest pieces of malware ever created. It’s not just because it takes  money from you but due to the sheer fact that your important files are encrypted rendering them useless. It is also to be noted that once it manages to encrypt your data, there is no way for you to decrypt those files except the one provided by Cryptolocker itself ie. Payup the ransom and get the decryption key.

Phishing

Perpetrators of online fraud using the phishing technique try to get hold of your personal data and or your Credit/ Debit Card by sending e-mails, sms messages or calling you on the telephone. This data  will allow them to withdraw money from your account but also to perpetrate identity fraud. Phishing does not only affect Internet banking but it can also pose a threat to any payment system via digital wallet.

This can happen if you receive an e-mail out of the blue. The message appears to be from your bank or the company issuing your credit card. You have to click a link to a website that looks extremely similar to your bank’s own website.On this site, you read that you must enter, complete or check your personal data concerning your accounts, credit cards and codes. This will be for “security reasons”, “file checks”, “data loss”, etc. Sometimes you will also be requested to mail your data directly to a specific person.

Although phishing is mainly done via e-mail, fraudsters can also call you on the telephone. They pretend to be a bank employee telling you that there are problems with your bank account or your credit card and your financial security is on stake.

                Vishing, similarly to a phishing scam, the fraudster will masquerade as a well-known and trusted business in an attempt to gain information. However, rather than this being carried out via email, the scammer will telephone their victim. They could also be tricked by phishing emails or vishing phone calls into disclosing your password and other confidential details. Identity theft caused by viruses or spyware, give criminals to access to your bank account and other personal information stored on your computer.

                Smishing scams are similar to phishing scams.You get a sms message from a bank or service provider asking you to do something. However, the Smishing is really a       message from a scammer.While most people are familiar with email phishing scams, they’re less skeptical when receiving Smishing messages and victim gets trapped easily

Preventive Measuresbanking malware

  • Make sure your Smartphone or tablet is always protected with a PIN which is difficult to guess.Do not reveal your PIN to anybody, nor write it or store it where it can be found. It is a good practice to regularly refresh passwords and PIN codes, ensuring that you are using a unique combination of letters, numbers and punctuation for your various log in details.
  • Make sure your PC is sufficiently secured, for instance by installing an up-to-date version and a Anti-virus or a secured WI-FI connection.
  • Use the option for a text message to be sent every time a transaction occurs on your account. This will notify you of fraudulent transactions as soon as they happen.
  • If someone calls you up on behalf of your bank and asks you to provide personal data and/or to sign electronically, refrain from taking any action at all, for your bank will never ask you to provide this kind of information.
  • Put your electronic signature only for orders you expect or have initiated yourself.
  • In case of doubt, immediately abort the transaction and take contact with your bank’s help desk, especially when the procedure for signing differs from the usual procedure.
  • Check your statements of account at regular intervals.
  • Keep the banking and other apps on your device regularly updated.
  • In order to avoid such incidents, use reputed Anti-Virus and IT security solution providers like eScan and stay safe from all such attacks.
Posted in eScan 11 | Leave a comment

If You Get Redirected While Searching On Google, Yahoo or Bing…Chances Are You Have the “Browsing Redirect Virus”

What is Browser redirect virus?

Browser redirect virus is a cyber threat that belongs to ‘Browser hijacker’ category. Programs that belong to this category (search engines, deceitful browser add-ons and extensions) can be downloaded to the system and installed on each of web browsers without realizing that because they are mostly spread with a help of hidden ‘bundling’.
Some symptoms that you are having this virus on your PC:

• Browsers freeze
• Pages not loading at all
• Google/Bing/Yahoo searches redirected to malicious sites
• some programs won’t respond
• Internet connection brakes itself
• Terrible adds popping on visited webpage

If your browser is forcing you to redirect to new location like delta-homes.com, conduit, and search protect or other domains while you are using Google, Yahoo, Bing or other search engine, then it’s a sign that you have already got infected by the browser hijacker. Please, do not ignore such signs and do not let this browser redirect virus stay on your computer because there is a huge danger that your web browser (Internet Explorer, Google Chrome, Mozilla Firefox, Safari, Opera, etc.) will be redirected to unsafe site that belongs to malware creators. Besides, once browser redirect virus hijacks the system, it can also start showing you annoying pop-up ads during your browsing. In addition, it can easily start tracking your browsing habits and start collecting information, which is related to your browsing habits, such as your search terms, mostly visited websites, information that you add when visiting these websites, your computers’ IP addresses and locations. This information is considered as ‘personally non-identifiable’ but its loss can lead you to various issues, such as an increased amount of spam and similar problems. As we have already mentioned, such potentially unwanted and sometimes even dangerous programs are actively spreading around with a help of bundling.

Browser Redirect Virus Removal Guide

• Remove browser redirect related programs from your computer using the Add/Remove Programs control panel (Windows XP) or uninstall a program control panel (Windows 7 and Windows 8).
• Go to the Start Menu. Select Control Panel → Add/Remove Programs.

If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.
If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for Control Panel or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control Panel from there. When the Add/Remove Programs or the ‘Uninstall a Program’ screen is displayed, scroll through the list of currently installed programs and remove the following:

• Quiknowledge
• LyricsSay-1
• Websteroids
• BlocckkTheAds
• HD-Plus 3.5
• and any other recently installed application or unknown programs

Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you’re done, please close the Control Panel screen.

There may be PC users or Mac OS users whose computer is hijacked by a browser hijacker. In order to avoid such incidents, use reputed Anti-Virus and IT security solution providers like eScan and stay safe from all such attacks.

Posted in eScan 11 | Leave a comment

New Ransomware now Accepting Gift Cards

Ever wondered how your Amazon Gift Card can be used as payment for Ransomware? The answer is probably ‘yes’, thanks to the wily cyber criminals. According to the latest research of eScan, a new file encrypting program has been discovered named TrueCrypter, which is used by the hackers to extort money from the users.

What is TruCrypter Ransomware?

It is a Ransomware, which prohibits the users from accessing their personal document files, zip files and a host of other files. The victims cannot access their files unless they have a private key, which is owned by the malware author and in order to obtain the key, the victim has to pay ransom amount to the cyber-criminal in virtual currency, such as Bitcoins.

So how does it work?

The malware enters into the user’s system through a spam e-mail attachment. It can also distribute through malicious websites, third party software downloads etc. Firstly, it will check if the process is running under Sandboxie. This is a sandbox based isolation program for 32 and 64-bit Windows NT-based operating systems. Secondly, if Sandboxie is present, it would terminate the processes and not continue. In addition, it will kill process related to the Task Manager (taskmgr.exe) and other security programs. Next, it would proceed to encryption. TruCrypter Ransomware uses AES-256 encryption, which encrypts the following extensions: .xlsx, .docx, .jpeg, .pptx files. During the process of encryption, Shadow volume copies are deleted and in addition to it, the victim’s wallpaper is changed with an image containing a message, which states that files are encrypted and the victim must pay 2-5 Bitcoins or $ 115 USD in Amazon gift cards.

What should you do?

If you are using anti-virus other than eScan, we advise you to make use of eScan Rescue Disk which provides a Windows based clean environment that not only helps to scan and clean the system but also to fix the Windows registry changes done by destructive Malware like TrueCrypt. To know more about eScan Rescue Disk, click: http://bit.ly/1QZVKfc. It is recommended to update your antivirus software (eScan), which will protect your system from all kinds of Malware attacks and maintain backup of your data on regular basis.

ransomware-file-encryption

Posted in eScan 11, eScan 14, Security | Tagged , , , , | Leave a comment

Petya Ransomware Attacks your Hard Drive

This year should be declared as year of Ransomware! Cyber-criminals come up with new families and new versions of it, resulting in making life miserable for victims of their extortion campaigns. In our threat predictions for 2016, we had predicted that Ransomware will be a major threat in this year. Little we did know that Ransomware would target Master Boot Record. We have witnessed Ransomware locking desktop, encrypting files, Web servers, shared drives and backups and targeting various operating systems.

According to the latest research of eScan, a new variant of Ransomware named Petya (Trojan.Ransom.Petya.C) has been found targeting human resources in German companies, the Malware replaces Master Boot Record (MBR) and encrypts the Master File Table on an infected Windows computer’s hard drive and demands 9 Bitcoin in return for the decryption key.

How does Petya enter the system?

It is typically transmitted through spam emails targeting business users pretending to contain job applications. For instance, HR personnel receiving a Dropbox link to a file, which pretends to be resume of a candidate, who is seeking a position in the company. Clicking the file leads to installation of Ransomware. The Malware replaces boot drive’s Master Boot Record (MBR) with a malicious loader. MBR is the first sector of any hard disk which tells computer how it should boot the operating system. The Malicious loader will prevent the computer loading the OS correctly and disables booting up in Safe Mode and it will force Windows to reboot. In order to execute the Ransomware, it will display a phony checkdisk (CHKDSK) operation. During this process, the Malware will encrypt master file table. Master File table (MFT) is a database in which information about every file and directory on an NTFS volume is stored. Once MFT is encrypted, the system does not know where files are located, or if they even exist, as it is inaccessible. After successful encryption of MFT is carried out, Ransomware displays a ransom message to victim, instructing them to connect to TOR site and pay 9 Bitcoin to make ransom payment. The cyber crooks intentionally choose Tor to maintain anonymity.

What makes this Ransomware is unique?

Typical Ransomware usually encrypts files of certain types like pictures, office documents and so on. The OS is untouched by the Malware as cyber-crook expects the victim to use the pc for ransom payment. However, in this case, it does not happen likewise since access to the whole hard drive is blocked.

How to safeguard?

  • Update your antivirus software (eScan) on regular basis, which will protect your system from all kinds of Malware attacks.
  • Ensure that all software’s installed in your system are updated frequently, including Oracle Java and Adobe.
  • Implement a three dimensional security policy in your organization, i.e. firstly understand your requirement based on which IT Security policy would be prepared accordingly. Secondly, educate your staff about the policy and finally enforce the policy.
  • Make sure you either implement MailScan at gateway level or enable Mail Anti-virus on endpoint in order to block extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. These attachments would infect your system.
  • Open emails only if you are positive about the source.
  • Regularly backup your important files.
Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , | Leave a comment