Viruses that target banking information are on the rise

April 22, 2010

Today’s computer viruses are largely financially driven.  They target sensitive information such as identities, credit card or bank account numbers and other data that can be used or sold for profit.  Many variants exist and they will attack using different strategies.

Some viruses are designed specifically to impersonate anti-virus software and offer to cure the infection they created by asking for your credit card information. Of course their remedy is to sell your information and leave your computer infected.  Others are even more devious and may attempt to infiltrate your computer to siphon keystrokes or even pose as a legitimate bank web site to gain access to very sensitive data.

An example of one of the more dangerous infections is Zbot.  This nasty bugger is a trojan (a viral variant that poses as legitimate software) that actually hides deep inside your computer and attempts to steal information by creating web forms that claim your financial institution needs to verify your identity.

Zbot is a built-to-order virus. That means that there is a “company” that creates this virus and will customize it for malicious individuals and groups, all for a price. This model of distributing viruses is not new, but it is making a comeback. The average Zbot toolkit is sold for over $1,000.

The Zbot botnet (a botnet is a group of infected computers connected together for command and control) is nearly 4 million computers strong. This is the largest botnet in the world and it has been able to penetrate many Fortune 500 companies. Botnets are typically used to generate spam, target other computers for infection, harvest information from infected systems and launch large-scale distributed denial of service (DDoS) attacks.

The best way to avoid infection is to be extremely careful about security.  I recommend using the latest version of the Firefox browser (at the time of this article it is version 3.6.3) with the NoScript, Adblock Plus and Web of Trust plug-ins.  In addition, I recommend running AVG 9.0 Free Edition anti-virus with a secondary scanner like Malwarebytes or Spybot Search and Destroy.  Even though AVG is a great anti-virus and anti-spyware system, occasionally something may slip through the cracks.

It’s important to run the latest Windows updates.  There are often critical vulnerabilities that get patched to improve security.  These updates may also address bugs and improve performance.

The last step is to be sure that all the main threat vectors are carefully monitored:

1: Exercise caution with websites employing outgoing links, especially on social networking and file sharing websites. A lot of these links go to different places that may not be safe.  You should ensure that the links are in fact legitimate.  AVG has a web page scanner that is a good way to check.

2: Don’t open or download attachments from suspicious emails. Lately there have been a lot of spoofed emails that claim to come from Amazon, UPS or the IRS, or even pose as friends or relatives, and that contain viruses either in their links or attachments. If you can’t verify the source, don’t open the message. If you have to open the e-mail, scan the link with the AVG web page scanner or download and scan the attachment with AVG anti-virus before you open it.

3: PDFs have become a new favorite for exploiting computers. One wouldn’t think such a seemingly innocent document could spread a virus, but they can and they do. Don’t open any PDFs unless you’re sure they are the genuine article. Also, make sure to have the latest version of your PDF reader. I recommend Foxit Reader. Disable JavaScript in any PDF reader you use.

4: Be careful with advertisements. I’ve seen a large increase in online ads that link to malware.  It’s important to avoid clicking on advertising unless you’re certain that it is legitimate.  Otherwise you could end up with an unwanted visitor on your computer.  Adblock Plus can help reduce the ads you see significantly to mitigate this risk.

5: Don’t use USB or external hard drives that travel between multiple computers, especially if one is infected. Viruses have a habit of infecting other files and your drives could be a target.  If you can’t avoid swapping them around at least run a full file scan before using any files on the drive.  You can configure AVG to automatically scan removable devices for viruses.

6: When connecting to the Internet, make sure your connection isn’t open. If you can avoid connecting directly to the Internet or using insecure wireless networks you may save yourself many headaches. Having a broadband router between your computer and your Internet connection is important. A broadband router is different from a cable or DSL modem. Broadband routers include network address translation functionality and oftentimes a firewall with stateful packet inspection. These features can deter outside automated attacks from hitting your computer. If you can’t avoid connecting insecurely, set up a good software firewall, such as Comodo Personal Firewall.

7: Use a less privileged account when web surfing. Instead of using the administrator account, configure a limited account and use that when you need to go to Internet web sites.  This can help to cut down the risk of a virus infection and contain it from spreading.

If you find that you are already infected and can’t get rid of it, give us a call at 703-486-0200 x 3 or e-mail us.  We’re always happy to help secure your computer and deal with the implications of an infection.
