New Virus Raids Your Bank Account - But You Won't Notice

CommanderFrank

This is a scary scam on any level. A new virus will drain your bank account and then cover its own tracks by removing the unauthorized transactions and readjusting the balance, leaving the account holder with no way to know someone has hacked into the account. The delay will be found sooner or later, but by that time the hacker will have been long gone and into other accounts.

The new virus technique ups the ante in the cat-and-mouse game between security companies and the computer criminals who try to steal consumers' money.
 
I don't know how it works in the US (except that they still use ancient stuff like checks), but where I live you get a TAN sent to your cell phone and enter that in the online banking system. So, unless the cell phone is infected too by the same virus, I would notice immediately and it wouldn't go through. However, I have read of schemes where the virus asks for your phone number when you log on to the banking site (that is controlled by the virus you got on your PC) and then it sends you a link to a "security update" for your phone. If you install that too, the virus controls the whole chain of the transaction. You must be a complete idiot to do that, but since they are plenty, it will work often enough.
 
I'm gonna call BS on this. Every bank has its own unique security so this just isn't possible.
 
Yeah, I'm gonna wave my BS flag around some on this as well. A virus that can empty your bank account then erase any trace it was there? Sounds a little too perfect to be real in terms of a virus.
 
Did you guys read the article before bitching about it being BS? They aren't hiding anything on the bank end; they are screwing with the page that you see so that when you log in you don't see those transactions on there and your balance shows up without that money missing. If you check anywhere other than the infected computer then you will see the correct amount and the unwanted transactions.

There is nothing here that is BS
 
What I don't understand is why they didn't tell us how to prevent this in the article.
Also, is it browser specific? OS specific?

Crucial information is missing from this article, it's almost as if it was just conjecture from hearsay.
 
Hack your bank account? Yea, I could see that, especially in the day and age of online banking. Cover up its own tracks by removing unauthorized transactions and readjusting balances? No, not going to happen. I work for a financial institution and I know for a fact that to remove unauthorized transactions and readjusting balances (at least for our institution) would require going through multiple different networks and servers to accomplish it and in that time it would trigger at least one or more safeguards.
 
Hack your bank account? Yea, I could see that, especially in the day and age of online banking. Cover up its own tracks by removing unauthorized transactions and readjusting balances? No, not going to happen. I work for a financial institution and I know for a fact that to remove unauthorized transactions and readjusting balances (at least for our institution) would require going through multiple different networks and servers to accomplish it and in that time it would trigger at least one or more safeguards.

Was looking for the edit post button but it's gone? :confused:

Anyway, realized that they aren't hacking the actual banks to remove the unauthorized transactions and readjusting balances but rather what your computer displays when it goes into online banking which is entirely possible. Very complex, but possible. Article states that the correct balances would still be displayed at banks and ATMs but not online.
 
Was looking for the edit post button but it's gone? :confused:

Anyway, realized that they aren't hacking the actual banks to remove the unauthorized transactions and readjusting balances but rather what your computer displays when it goes into online banking which is entirely possible. Very complex, but possible. Article states that the correct balances would still be displayed at banks and ATMs but not online.

Due to the high cost of Edit Buttons, they aren't included in the front-page news section articles :)
 
What it really means when it says it hides the transactions is that the virus alters the HTML to be rendered. It removes all unauthorized transactions and adjusts the balance. So the website sent your computer the correct information; the problem is that the virus is preventing it from being displayed.
 
Due to the high cost of Edit Buttons, they aren't included in the front-page news section articles :)
That is hilarious. Seriously though... where is the edit button?

Back on topic, I just don't see this as being a real issue anyone should be worried about. As others have said, every bank is different. If it was just editing transactions/balances displayed on a webpage, maybe... but that would be a ridiculously difficult thing to do. It would have to 1) somehow transfer money from your account after logging in (because this virus is said to remove the money first), which would involve taking you through several pages (different for each bank) needed to set up the transfer, add the receiving account, etc..., then 2) log those transactions in memory somewhere, 3) parse that info out of anything that matched on the screen (which is absolutely ridiculous), and 4) do that for every browser/OS combo out there.

Besides, I check my account frequently, but when I really go over, I download a PDF version of my statement and use that. Is this virus going to edit those as well?

Major BS flag.
 
That is hilarious. Seriously though... where is the edit button?

Never were allowed to edit posts on the front page subforum - at least for a long time. Keeps the flaming down because people have to be more cautious about what they post.
 
Never were allowed to edit posts on the front page subforum - at least for a long time. Keeps the flaming down because people have to be more cautious about what they post.
Makes sense. Thanks for the explanation.
 
As "Ahnuld" would say "BOOL-SHEET!"

You MAY get something that's designed to trip on one particular bank's website and create a bogus transaction, silently, in the background.. But "erasing the transactions"?

Yeah. I'm going to have to go with "Customers don't erase their own transactions".
 
This wouldn't be a bank-side virus. Rather, it would have to be installed on the user's computer so it could inject fake info (or remove some info) from your online banking's HTML page in real time. In addition, since it would have to be on the user's computer, I'm assuming it would "hack" your online banking info by keylogging and/or manipulating any cookies stored for your bank's site.

This is also too complex a situation for the virus to work except against specific, known bank sites, so probably just big banks like BoA or Wells Fargo, etc.

My small-town bank doesn't use a standard (if there is a "standard") online banking page, so the virus would have to be written specifically for that bank or it would more than likely just break the page when it tried to load.

Rather "scary" that a virus could potentially drain your account and cover its tracks, but that seems no more difficult than the fake anti-virus trojans that redirect web pages to fake security scams, disable existing AV and Windows Update, and other things.
 
Browsers today are so full of exploits it's not even funny. What's scary is it's so easy to catch a drive-by virus now, no matter what browser you use. AVs usually don't stop drive-bys either as they're not really considered viruses.

I guess it's a good idea to look at bank settings to see if it can send you notices for each transaction, that way if someone makes a transaction without your consent you'll know about it.
 
As "Ahnuld" would say "BOOL-SHEET!"

You MAY get something that's designed to trip on one particular bank's website and create a bogus transaction, silently, in the background.. But "erasing the transactions"?

Yeah. I'm going to have to go with "Customers don't erase their own transactions".

Read the article and other post then try again. It isn't screwing with your actual account to erase a thing. When you go to www.mybank.com this virus sits there the first time and steals your info. Person then uses your account. Next time you go to www.mybank.com this virus sits on your computer and now knows which charges the person made, so when your browser is rendering the page this virus just happens to make your computer forget to render those rows of charges, then when displaying the balance adds back on what they spent.

They aren't erasing anything at the bank level, they are just making that one computer see their fake page instead of the real one.
 
According to Symantec, these browsers are at risk: Firefox, IE and Maxthon (whatever that is).
 
My free checking account at a huge and non-private bank wouldn't even allow this to happen, I think we are in the clear.
 
Was looking for the edit post button but it's gone? :confused:

Anyway, realized that they aren't hacking the actual banks to remove the unauthorized transactions and readjusting balances but rather what your computer displays when it goes into online banking which is entirely possible. Very complex, but possible. Article states that the correct balances would still be displayed at banks and ATMs but not online.

Apparently this virus has mutated and now removes forum edit buttons as well as your banking information in order to cover up its tracks.
 
Not to mention there are a variety of ways to check my bank account on my phone without any need for a PC to begin with.
 
To be honest this would be the only reason I never signed up for paperless statements. While I check my accounts online once every 2-3 days I do scrutinize my paper statement as well once I receive it.
 
To be honest this would be the only reason I never signed up for paperless statements. While I check my accounts online once every 2-3 days I do scrutinize my paper statement as well once I receive it.

Didn't you hear? The virus also puts white-out on your paper statements!
 
I have seen something like this running live on a client's PC. None of the security software spotted it, even the "Rapport" thing all the banks insist on in the UK.

The example I saw was older as it was still after the passwords. Everything looked fine on screen. Normal security steps being followed at login. Username. Account number. Then the page came up which should have said "enter 3rd, 7th and 9th letters of password" and this had been swapped with an "enter the whole password" page. All in the bank's correct colours.

I had to pull the hard drive and do a root kit scan via another PC. MBR virus was part of the game here, all hiding its tracks all the way up. Just sitting and waiting for the client to access that specific bank's login page.

So - yeah - going a few steps more and faking the statements page would be an easy update to this.


Of course, this virus would have very specific targets. The targets would only be those banks that they have been able to copy the screens of. For many people this virus would stay permanently dormant.
 
This is definitely possible if your computer or maybe even just browser is infected with it. From the article, I am guessing all it is doing is basically making a snapshot of the pages you visited at certain financial institutions (like the Scrapbook plugin does in Firefox), then it does some transfers, makes another snapshot of the transaction(s), compares and flags the lines of its transactions, then stores it. When you go to your bank the next time, it intercepts pages, and anything it did gets deleted before the pages display on your browser. That is not that difficult to do, any programmer can easily write code to compare 2 lines of text and if that text is the same to not display it. It wouldn't affect any paper statements and PDF versions of your statements because it is only intercepting and modifying the transaction list being sent from your bank to your browser. Checking your bank records on another uninfected PC or device also foils this. The issue then becomes how often does the user check their account on other devices than the one that was infected. I would guess that the number is much lower than most here think.

Remember the thieves aren't trying to make it undetectable because that is really impossible, they are trying to make it good enough for you to not notice for as long as possible to buy themselves some time before you start reporting something is wrong to the bank.
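
The check described in the post above (compare what the possibly infected browser displayed against a copy obtained out of band, such as a statement fetched on another device) written out as an added example; it is not part of the original thread. The row format, function name and sample data are assumptions constructed for illustration, and both views are assumed to cover the same period and moment in time.

```python
from collections import Counter
from decimal import Decimal

def reconcile(displayed_rows, displayed_balance, reference_rows, reference_balance):
    """Compare the rows a browser displayed with an out-of-band reference.

    Rows are (date, description, amount) tuples; debits are negative.
    Counter is used as a multiset so two identical purchases on one day
    are not collapsed into a single row.
    """
    shown, ref = Counter(displayed_rows), Counter(reference_rows)
    hidden = sorted((ref - shown).elements())   # on the reference, not on screen
    extra = sorted((shown - ref).elements())    # on screen, not on the reference
    hidden_total = sum((amt for _, _, amt in hidden), Decimal("0"))
    balance_gap = displayed_balance - reference_balance
    return {
        "hidden": hidden,
        "extra": extra,
        "balance_gap": balance_gap,
        # Pattern described in the thread: rows dropped from the page and the
        # displayed balance padded by exactly the amount of the dropped debits.
        "masked": bool(hidden) and balance_gap == -hidden_total,
    }

# Constructed sample data (not taken from any real account).
REFERENCE = [
    ("2024-01-03", "GROCERY STORE", Decimal("-54.20")),
    ("2024-01-04", "PAYROLL", Decimal("1500.00")),
    ("2024-01-05", "COFFEE", Decimal("-3.50")),
    ("2024-01-05", "COFFEE", Decimal("-3.50")),
    ("2024-01-05", "TRANSFER OUT (constructed)", Decimal("-900.00")),
]
# What the browser showed: the transfer row is absent, the balance is 900 higher.
DISPLAYED = [row for row in REFERENCE if not row[1].startswith("TRANSFER")]

def demo():
    return reconcile(DISPLAYED, Decimal("2438.80"), REFERENCE, Decimal("1538.80"))

if __name__ == "__main__":
    result = demo()
    for row in result["hidden"]:
        print("not shown in browser:", row)
    print("balance gap:", result["balance_gap"], "masked:", result["masked"])
```

A non-empty `hidden` list with `masked` false still deserves a look; it only means the balance on screen was not adjusted to match.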
 
This is stupid and ridiculous. The amount of time/energy/lines of code that would go into something like this just is not worth the return. You might fool someone for a little while, but as soon as they check via phone, mobile app, or paper/PDF statement, it would be foiled. Most people are NOT techies, who live and breathe online. I would hazard a guess that the majority of people still use traditional methods to manage their accounts.

I don't care if this is technically feasible, it is just not practical. Most hackers would be happy enough to get money out of your account in the first place. Unfortunately, most of these are never caught. The bank puts the money back in your account, turns the transactions over to their investigations dept, and moves on.

This doesn't even take into consideration that it's not usually the user that detects the illicit transactions... It's usually the bank. I check my accounts often, but on both occasions I've had unauthorized transactions, I found out through my bank.
 
My free checking account at a huge and non-private bank wouldn't even allow this to happen, I think we are in the clear.

And how would they prevent this? I would like to know what magic they use?

Not to mention there are a variety of ways to check my bank account on my phone without any need for a PC to begin with.

This is stupid and ridiculous. The amount of time/energy/lines of code that would go into something like this just is not worth the return. You might fool someone for a little while, but as soon as they check via phone, mobile app, or paper/PDF statement, it would be foiled. Most people are NOT techies, who live and breathe online. I would hazard a guess that the majority of people still use traditional methods to manage their accounts.

I don't care if this is technically feasible, it is just not practical. Most hackers would be happy enough to get money out of your account in the first place. Unfortunately, most of these are never caught. The bank puts the money back in your account, turns the transactions over to their investigations dept, and moves on.

This doesn't even take into consideration that it's not usually the user that detects the illicit transactions... It's usually the bank. I check my accounts often, but on both occasions I've had unauthorized transactions, I found out through my bank.

They are not planning on this being a way so that you never find out, they just hope to get an extra day or two before you catch on. Gives them a few extra chances to take out money. Do you call every hour? Every day? Probably not. The ones that check online would be the ones that you need to worry about, as they check more. Also, THEY have to be checking online for the virus to be doing anything to begin with; it is stealing your bank info when you log into your bank account. Kind of hard for that to happen if you don't log into your online billing.
 
FYI, this has been around for a while, it's called MITB. SpyEye and Zeus have used this type of attack for a LONG, LONG time.

Old news is so exciting! (It's not your fault Steve, I blame Trusteer and AV companies for being behind the ball.)
 
Won't work on me, I have e-mailing turned on on my account... unless they can also stop the bank from sending me e-mails every time a transaction happens.
 
FYI, this has been around for a while, it's called MITB. SpyEye and Zeus have used this type of attack for a LONG, LONG time.

Old news is so exciting! (It's not your fault Steve, I blame Trusteer and AV companies for being behind the ball.)

This is a new version of SpyEye.
 