Beware of e-banking virus out to steal passwords

The Trojan variant virus has six aliases and may come as attachements

GN Bureau | February 11, 2015


#e banking   #trojan   #e banking virus   #banking news   #technology news  

A deadly virus with six aliases is on the prowl and most vulnerable are the e-banking users.

The Trojan variant virus, which has been named as 'Cridex' attacks and steals personal login secrets and passwords of e-banking customers.

Some of the identified aliases of this banking virus are 'Geodo', 'Dapato', 'W32/Kryptik.BVB', 'Worm.Win32.Cridex', 'PWS:Win32/Zbot' and 'Trojan.Gen.2' and can be noticed by these names when they appear online.

"It has been observed that the new variants of Cridex malware are spreading widely. Cridex is an information stealing e-banking Trojan that propagates via removable drives and targets users of online banking/social media for stealing user name, passwords among others," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to e-banking users in the country.

"Like the other major banking Trojans, the malware performs web injects into the HTML pages of financial institutions contained in the configuration file. The malware routes the users to fake banking sites for divulging user information and subsequently connects to the bank site from the victim IP address by bypassing IP reputation blocking," the agency said in its alert.

The agency said, once activated, the virus targets and steals login credentials of various banks and social networking sites like Facebook, Twitter and Instagram among others.

Steps to be taken by users

Enable firewall at desktop and gateway level; update patches and fixes of the operating system and application software; update anti-virus and anti-spyware signatures at entry points; update and install the latest updates and softwares to protect computer from viruses, Trojans; guard against social engineering attacks; opt for strong passwords with alpha numeric characters; resist temptations of opening attachments from known or unknown sources and do not download pirated software.

What is CERT-IN?

CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization. The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.

CERT-In was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department. According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.

CERT organizations throughout the world are independent entities, although there may be coordinated activites among groups. The first CERT group was formed in the United States at Carnegie Mellon University.

Comments

 

Other News

Demonetisation: When cash played peek-a-boo

Post-demonetisation, cash did the Houdini vanishing trick at ATMs. With currency notes playing hide and seek, life was sheer misery. Things improved a bit, but the situation is back to square one. The ATMs are running dry, yet again. Rajiv Bajaj, scion of the family that makes hugely popular

Stories you must read over the weekend

  Tribals in the land of the legendary Birsa Munda in Jharkhand are fighting against the amendments of the Chotanagpur Tenancy Act (CNTA) and Santhal Pargana Tenancy Act (SPTA). These were hastily changed by the BJP government – first by an ordinance in June, and then, amendments i

NHRC recommendations cannot be set aside with impunity: justice Bhandari

  Recommendations by the National Human Rights Commission (NHRC) cannot be set aside with impunity merely on the ground that it is a recommendatory body,” said justice Dalveer Bhandari, member, international court of justice.    Addressing the meet

NALCO mines get 5-star rating for sustainable development initiatives

   The Panchpatmali bauxite mines of national aluminum company limited (NALCO) has been conferred with a 5-star rating by the ministry of mines.   The 5-star rating award, along with a certificate of excellence was handed over to Tapan Kumar Chand, CMD,

Some Odisha coal mines not being fully utilised

It is a fact that some of the opencast projects (OCP) of Mahanadi Coalfields Limited (MCL), a subsidiary of Coal India Limited, are not being utilised up to their full capacity despite having good potential for coal production, the Lok Sabha was informed. Union minister Piyush Goyal said tha

MGNREGS: 21 states have performed below par

In Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), the average persondays generated at the national level is 39 days per rural household in the financial year (FY) 2016-17 (as on February 1, 2017). During the same period, 21 states have reported average persondays per household lower t

Video

आतंकियों की नकेल कसने में जुटा पाकिस्तान
Digital Transformation Summit

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter