Beware of e-banking virus out to steal passwords

The Trojan variant virus has six aliases and may come as attachements

GN Bureau | February 11, 2015


#e banking   #trojan   #e banking virus   #banking news   #technology news  

A deadly virus with six aliases is on the prowl and most vulnerable are the e-banking users.

The Trojan variant virus, which has been named as 'Cridex' attacks and steals personal login secrets and passwords of e-banking customers.

Some of the identified aliases of this banking virus are 'Geodo', 'Dapato', 'W32/Kryptik.BVB', 'Worm.Win32.Cridex', 'PWS:Win32/Zbot' and 'Trojan.Gen.2' and can be noticed by these names when they appear online.

"It has been observed that the new variants of Cridex malware are spreading widely. Cridex is an information stealing e-banking Trojan that propagates via removable drives and targets users of online banking/social media for stealing user name, passwords among others," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to e-banking users in the country.

"Like the other major banking Trojans, the malware performs web injects into the HTML pages of financial institutions contained in the configuration file. The malware routes the users to fake banking sites for divulging user information and subsequently connects to the bank site from the victim IP address by bypassing IP reputation blocking," the agency said in its alert.

The agency said, once activated, the virus targets and steals login credentials of various banks and social networking sites like Facebook, Twitter and Instagram among others.

Steps to be taken by users

Enable firewall at desktop and gateway level; update patches and fixes of the operating system and application software; update anti-virus and anti-spyware signatures at entry points; update and install the latest updates and softwares to protect computer from viruses, Trojans; guard against social engineering attacks; opt for strong passwords with alpha numeric characters; resist temptations of opening attachments from known or unknown sources and do not download pirated software.

What is CERT-IN?

CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization. The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.

CERT-In was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department. According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.

CERT organizations throughout the world are independent entities, although there may be coordinated activites among groups. The first CERT group was formed in the United States at Carnegie Mellon University.

Comments

 

Other News

From Shah Bano to Shayara Bano: How Rajiv’s blunder undid secularism

History could have repeated itself as a farce, but in the triple talaq case today, there has been no replay. A historic blunder has been undone, though it has taken three decades. The supreme court has once again taken a stance in favour of individual freedom and against fundamentalism &nda

Train passengers die as rail safety panel recommendations gather dust

 The derailment of Puri-Haridwar Kalinga Utkal express at Khatauli has once again raised serious questions on the railways’ safety claims. At least 21 people were killed and many were injured. The derailments over a period of a few months are giving sleepless nights to the top railway.

Political parties support triple talaq verdict

The BJP as well as the Congress welcomed the supreme court judgment that bars instant triple talaq for a period of six months and also seeks a legislation on it.   BJP chief Amit Shah said that he welcomes this on behalf of the party and added “it’s not about anyo

5 judges, 5 faiths, 1 verdict

Five judges from five different faiths deliberated upon and decided that instant triple talaq is to be struck down for a period of six months and the government should bring a legislation over it.   The supreme court bench was headed by chief justice of India J S Khehar, who

REC, PFC didn’t conduct appropriate due diligence: CAG

Rural Electrification Corporation Limited (REC) and Power Finance Corporation Limited (PFC) did not conduct appropriate due diligence during credit appraisal in power generation projects and in the process assumed higher risks on the loan accounts, noted the Comptroller and Auditor General (CAG) in a rep

Triple talaq verdict historic, says Modi

Prime minister Narendra Modi described as “historic” the supreme court judgment that struck down triple talaq for a period of six months.   “Judgment of the Hon`ble SC on Triple Talaq is historic. It grants equality to Muslim women and is a powerful measure



Video

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter