How to Protect Your Commercial Bank Account

Remember in Ferris Bueller's Day Off, when Principal Rooney watched on his computer as Ferris' number of days absent ticked down..down..down? Ferris had hacked into the school computer and was "adjusting" his attendance record right under the nose of the principal.

Online criminals may be doing the same thing to your bank account. Crimeware operators are stealing money right from under the noses of consumer and commercial banking customers who may not be able to recover the stolen funds.

Crimeware - viruses that get onto your computer and steal money from your bank account

Security researcher Joe Stewart of SecureWorks details the workings of a piece of crimeware dubbed "Clampi". "Clampi is operated by a serious and sophisticated organized crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions. Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but especially financial credentials." Full report here.

Here are examples of recent thefts from commercial bank accounts:

• Bullitt County, Kentucky: $415,000 stolen from the county government bank account by a ZeuS trojan infection. The county was able to recover $105,000 but is still out $310,000. The bank points out that the theft occurred on government computers, not bank computers.
  
• The Western Beaver School District in Pennsylvania had $704,610.35 in school funds transfered out of its bank account to 42 other accounts as far away as Puerto Rico by a virus on a Western Beaver computer system. The bank was able to reverse $263,413.34 of the transfers, leaving the school district with a $441,197.01 loss. The school district is suing the bank to recover the full amount plus interest.
  
• Slack Auto Parts in Gainesville, GA lost almost $75,000 due to fraudulent transfers of funds from its commercial bank account by a Clampi trojan. Once again, the victim was able to get back $14,000 but is still missing over $60,000.
  

Brian Krebs of the Washington Post Security Fix blog now reports that users of commercial banking accounts are being warned to take extra precautions with the computers they use to do online banking. Brian reports that the Financial Services Information Sharing and Analysis Center is recommending that its members "carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible."

This guidance reflects an important reality about today's Internet-connected computers. If the same computer used for online banking is also used for general web browsing, email and other Internet activities, there is a strong likelihood the computer will become infected with money- and password-stealing crimeware. We cannot assume that our computers are free of this malware that evades detection by even the best antivirus programs.

In fact, my position is that it is better to assume the computer has been compromised and take special steps to perform online banking as safely as possible. At Authentium we have created SafeCentral for just this purpose. SafeCentral creates a separate Secure Desktop that protects passwords, bank accounts and other information from crimeware.

SafeCentral provides the following protection:

• Block keyloggers: stops crimeware keyloggers from stealing usernames, passwords and other account information


• Blocks screenshots: Prevents crimeware from taking "snaphots" of web pages that display bank account balances and other sensitive details


• Secure DNS: Provides its own secure DNS lookups to stop DNS-changing crimeware from sending you to fake banking sites that steal your account credentials.


• High-tech Protection: Stops code injection attacks that can snoop on banking session even when they are protected by the familiar "HTTPS" and lock icon appearing in the browser.


• Browser Security: Prevents malicious browser plugins from infiltrating the browser and performing real-time fraudulent bank transactions.

As you can see, we built SafeCentral to provide a separate, hardened environment on computers you already own to provide a safer online experience. Even if you buy a separate computer for online banking, we recommend that you also install and use SafeCentral to provide that extra measure of protection.

Update:
September 15, 2009: Replaced links to news stories with new, non-broken links

Give Your PC a Back-to-School Check-up

While parents are getting their kids to re-focus on math and English, it's also a good time to get the computers in the house ready for school, too.

After a long and busy summer of playing games, downloading music and browsing Facebook, PC's can be out of shape or downright dangerous for serious use. Here is a handy guide for giving your computers that back-to-school check-up.

1. Remove Dangerous Programs
P2P File Sharing programs like Limewire, eMule, or Shareaza are typically used to download pirated music, games and other programs. "Other programs" can include viruses, as I described here. Besides getting a computer infected with viruses, File Sharing programs can also make every document on your computer visible and available to users all around the world--users you don't know (and probably don't want to know). A Seattle man was sentenced earlier this month to over 3 years in prison for stealing tax returns, bank statements and canceled checks from computers all across the country.

2. Free up Disk Space
Windows needs gigabytes of free space to run properly. When important security updates are downloaded by Windows Updates, they may fail to install because of insufficient disk space. Here is a guide from Microsoft on freeing up space on your hard drive. You might ask the kids to find and delete music or videos they know they don't need anymore.

3. Run a Full Virus Scan
You do have antivirus software, don't you? If not, install a security suite immediately. AVG offers a free antivirus program you can get here. Today's antivirus programs are on all the time, watching for badware and blocking what they find. But they don't stop everything the first time they see it. So it's a good idea to pull up a chair, find your antivirus program's "Manual Scan" or "Full Scan" feature and let it run for the hour or more it may take to search the entire computer for badware. Don't worry, you don't have to sit there and watch it. Just check back periodically to see if the scan is complete and review the findings. Choose to "Quarantine" any malware that was found.

4. Set Internet Time Limits
It may have been okay for kids to stay up late on the computer during the summer, but if you want your kids to get a good night's sleep on school nights you'll need to set some limits. First, talk to your kids and agree on an appropriate schedule and the "lights out" policy for computer use. How do you monitor and enforce this policy without watching them every minute? Many security suites include Parental Controls options to set time limits on Internet usage. Wireless routers also have this feature. You can read about Netgear's here . World of Warcraft has an excellent Parental Controls feature that allows parents to create a separate password for managing a time schedule that the game servers will all enforce; the game will log your child out at whatever time you specify. (See screenshot, below) Other online games and most game consoles have at least some ability to control game play.

5. Check Printer Ink and Paper
Okay, this is an easy one. Remember the big lemonade stand banner the kids printed out this summer that used up all the yellow? You won't want any excuses when it comes time to print out that homework. So check for printer paper and get an extra ink cartridge for the printer. That way you'll avoid any "teacher's dirty looks" when your kid hands in their first assignment printed out in magenta.

Settings Play Schedules for World of Warcraft

Are you contributing to the Twitter Denial of Service Attack?

Twitter has been dealing with a denial of service attack this morning that has resulted in millions of users not receiving or posting tweets.

These days denial of service attacks typically are launched from botnets--large numbers of consumer PCs that have been infected with Trojans that wait to do the bidding of the "bot-herders" who manage them. The users of these machines may not know anything is wrong other than, "Gee, the Internet seems slow today." Their Internet is slow because their computer is sending lots of traffic to the targeted site, in this case twitter.com. The bot-herders collect infected machines and then rent them out. Twitter is such a high profile site, it may be just a bot-herder or one of their customers wanting to show off the power of their bot net.

Is your computer a member of one of these botnets? It's not easy for the average Internet user to find out. Seeing rapidly blinking lights on your cable modem even if you aren't using your computer may suggest something is going on. But it could just be an updater downloading a new Firefox or operating system patch.

You may not be too worried about the state of Twitter. But you should Know that botnets can be told to do many things. They can be instructed, for example, to download keyloggers or other data stealing malware. The stolen data is then shipped off to collection servers where the bad guys can then use your bank username and password to steal money.

Keep your antivirus up to date and perform a full scan if you're a little concerned.

Download and use SafeCentral if you want to bank and shop without the worry. SafeCentral users talk about this stuff here: community.safecentral.com.


Update:

It may be coincidental, but we saw a large increase yesterday in our virus-collection network. We received 200 times the normal average of emails with malicious attachments. One node, for example, went from 10 items to 2000 in a day. These were phony emails telling random recipients that a UPS parcel could not be delivered and asking the reader to "print out the attached invoice". The attachment was not an invoice, it was a trojan.

Example of the email. Do not open the attachments in these emails if you get one!