Warning over fake internet bank sites

March 21, 2005

| Submit Comments | Comments (3) | Previous | Next

CONSUMERS who bank online were today warned about the latest security threat - viruses that re-direct users to fake banking and finance websites.

Barclays' and Bank of Scotland's websites are the most recent to have come under attack from so-called "pharming" attacks, according to European communications portal, Lycos UK.

Lycos has been tracking a substantial rise in the virus, known as Troj/BankAsh-A, which can be used as part of these attacks.

The company said its anti-virus filters had stopped 39,789 incidents of the virus since it first appeared on the internet, 34 days ago.

While this is a relatively low number, the virus has the potential to cause massive financial damage to anyone who inadvertently installs it on their PC.

It works by getting downloaded onto a users' machine - delivered as an email attachment, as a download from a webpage or file-sharing network, or is placed on the users' PC as part of another software package.

The virus then lies dormant until the user accesses the internet and attempts to go onto a banking website.

At this stage, the software is triggered into life.

Instead of being directed to the real bank website, the user is sent to a fake website, designed to look like the real thing.

Criminals use the data entered - user names and passwords - to commit fraud on the users' real bank account

"The stolen details are used to hi-jack bank accounts and for identity theft," said Lycos UK head of email, Wessel van Rensburg.

"While these crimes are not new, the methods by which data is obtained is extremely sophisticated.

Details

"This is a multi-billion pound industry and tens, if not hundreds, of thousands are being affected."

The Troj/BankAsh-A virus is a version of a "pharming" attack, a method by which criminals "hi-jack" established websites by altering the way that 'DNS servers' direct web users to their sites:

A DNS server is a directory of 'common' web addresses (www.amazon.co.uk, www.google.co.uk and so on), and Internet Protocol Addresses (users never see these, but every site has one, expressed as a string of numbers eg. 222.123.0.0)

In a "pharming" attack, criminals hack into these databases and change the relationship between the common name and the IP Address to which a user is directed.

So, while a user may type "www.lycos.co.uk" into their browser, when this is translated into an IP address by the DNS server, the user is redirected to a fake site, set up by the criminals to capture users' details.

The Troj/BankAsh-A virus negates the need for criminals to hack these domain servers, because it can redirect the user to a fake website from their own PC.

"The use of this software is far more insidious than recent phishing attacks, because it can be "seeded" out to users' PCs through viruses, worms or email attachments without internet browsers knowing that it is lurking on their machine," Mr Van Rensburg added.

"The use of this software is also more dangerous to users than the spate of "pharming" attacks because the software can lurk on a users' machine for sometime undetected - whereas changes to bank's website addresses are more quickly fixed.

"While the technology industry is just about keeping up with the hackers - with advanced anti-virus filters aiming at stopping this software ever reaching the internet users - education is the only long-term solution.

PC users need to ensure they are taking the correct precautions when using the web in order to protect their data,"

| Submit Comments | Comments (3) | Previous | Next

Showing comments 1 to 3 and replies | View All

Sue, Salford (21/03/2005 at 18:18)

For the many people who are new to the computer age and how to protect their machines, you can download a free firewall to protect your machine.

You can also download a free piece of software which will check your e-mails and your machine in general against attacks.

Of course these companies do offer an upgrade - but you have to pay for it, but the question you have to ask yourself is "I've just paid out all this money for a machine, would a few pounds extra to protect it hurt me?"

Also, you can download a toolbar which blocks 'pop up' adverts from appearing.

Have fun, safely, guys.

mhb, manchester (21/03/2005 at 18:41)

with regard to this issue, today i received a fake email from halifax bank. it really did look authentic, they wanted people to check their details.
it was not nproperly addressed to me and luckily i do not bank online.
when i contacted halifax online to report this matter, they did not give me the impression that they were really interested in a scam like this.
i then went to my local branch - and got the same response, it seems that they are not bothered if customers get ripped off - customers beware.

Jonathan Owen, Derby (01/02/2006 at 11:58)

The scam e-mails are usually detactable if you have a reasonably sound knowledge of grammer. ( If ever there was a good reason for promoting a high standard of written and spoken English then here it is !)

The virus that directs you to a fake website is very scary indeed .. You go to your banks website but something sends you somewhere else that looks the same and reacts the same .. 2 days later, as has recently happened to my wife, large sums of money have been transfered to total strangers. 3 weeks later we still await a refund. Oh it will come I am sure about that but meanwhile one wonders what the banks are doing. They wanted to cut costs and people but the electronic monster that is replacing them is fundamentally flawed. I can well see us all starting to put money under the bed again !

()

Report

News