Beware of e-banking virus out to steal passwords

The Trojan variant virus has six aliases and may come as attachements

GN Bureau | February 11, 2015


#e banking   #trojan   #e banking virus   #banking news   #technology news  

A deadly virus with six aliases is on the prowl and most vulnerable are the e-banking users.

The Trojan variant virus, which has been named as 'Cridex' attacks and steals personal login secrets and passwords of e-banking customers.

Some of the identified aliases of this banking virus are 'Geodo', 'Dapato', 'W32/Kryptik.BVB', 'Worm.Win32.Cridex', 'PWS:Win32/Zbot' and 'Trojan.Gen.2' and can be noticed by these names when they appear online.

"It has been observed that the new variants of Cridex malware are spreading widely. Cridex is an information stealing e-banking Trojan that propagates via removable drives and targets users of online banking/social media for stealing user name, passwords among others," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to e-banking users in the country.

"Like the other major banking Trojans, the malware performs web injects into the HTML pages of financial institutions contained in the configuration file. The malware routes the users to fake banking sites for divulging user information and subsequently connects to the bank site from the victim IP address by bypassing IP reputation blocking," the agency said in its alert.

The agency said, once activated, the virus targets and steals login credentials of various banks and social networking sites like Facebook, Twitter and Instagram among others.

Steps to be taken by users

Enable firewall at desktop and gateway level; update patches and fixes of the operating system and application software; update anti-virus and anti-spyware signatures at entry points; update and install the latest updates and softwares to protect computer from viruses, Trojans; guard against social engineering attacks; opt for strong passwords with alpha numeric characters; resist temptations of opening attachments from known or unknown sources and do not download pirated software.

What is CERT-IN?

CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization. The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.

CERT-In was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department. According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.

CERT organizations throughout the world are independent entities, although there may be coordinated activites among groups. The first CERT group was formed in the United States at Carnegie Mellon University.

Comments

 

Other News

The dirt in the diamond trade

The dazzling diamond trade has been hit hard by the Nirav Modi episode, which saw the billionaire jeweller flee India just before a massive fraud amounting to Rs 11,000 crore was detected at a Punjab National Bank branch in Mumbai. But, Nirav Modi is not the only diamond tycoon who has been

PM lays foundation stone for Navi Mumbai International Airport

PM Narendra Modi on Sunday laid the foundation stone for Rs 16,700 crore Navi Mumbai International Airport. The first phase of the construction is expected to be completed by December 2019. The project is going to be implemented 21 years after it was first proposed. The airport is likely to handle 10 milli

Health groups irked by the SC order on vaccine PSUs

Health groups have expressed their disappointment with a February 12 order of the supreme court, refusing to review or recall an earlier order disposing off a case against the mala fide suspension of the vaccine public sector units (PSUs) and government’s tendency to pamper private sector with public

Cut government stake below 50% in banks: Assocham

The Punjab National Bank`s fraudulent transactions worth Rs 11,300 crore should act as a strong trigger for the government for reducing its stake to less than 50 percent in the banks which should then be allowed to work on the lines of private sector lenders with a full sense of accountability to their sha

Tightrope walking meets poll dance

Budget 2018, forecast to be a “please all” budget, has come out as a “disappoint all” budget. The public is looking askance at a budget that gives with one hand but takes away with both, the Sensex has gone into a tailspin and the pink papers are issuing dire warnings.

Should public sector banks be privatised?

Should public sector banks be privatised?

Current Issue

Current Issue

Video

CM Nitish’s convoy attacked in Buxar

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter