SpyEye Trojan defeating online banking defenses - Computerworld

Richard revo753 at yahoo.com
Tue Aug 2 18:03:58 CDT 2011


Hi All,

Bob, I wonder if online banking is worth bothering with. I read what you had to say. As I understand it, one can do everything the right way, and still get hacked. It seems so much easier just to write a check, and mail it. There are risks here too, but it would seem much safer, and easier to prove one's case if there was fraud.

Best Wishes
73s
Richard Demaret
KI4KXJ

--- On Sun, 7/31/11, Robert Stratton <bob at stratton.net> wrote:

From: Robert Stratton <bob at stratton.net>
Subject: Re: SpyEye Trojan defeating online banking defenses - Computerworld
To: "Richard" <revo753 at yahoo.com>
Cc: "Tacos" <tacos at amrad.org>
Date: Sunday, July 31, 2011, 12:24 PM

I'll give you my two cents, from the perspective of someone who used to run a lab at one of the larger security software companies.

The bottom line is that you have to weigh the risks against the work involved in taking measures to protect yourself. I don't think it's exactly prohibitive to run a tight ship, but being lackadaisical is fraught with peril. I apologize in advance if any of this seems obvious, but taken together, they're pretty much the minimum I'd consider conscientious. 

I think there are things a prudent user can do to make the risk manageable, but nothing is without risk. As mentioned earlier on this list, getting some form of two-factor authentication token from your bank is a good first step. 

Don't be fooled by whizzy features on the bank sites like "virtual PIN pads" where you have to click on buttons rather than typing your password/PIN into a form field. The problem is that some of those simply fill in a hidden field, and malware captures the stored form _after_ that process, so it doesn't buy any additional security.

The best thing you can do is to have a computer that you keep up-to-date with current patches, and a ***browser that you keep up-to-date with patches and don't use for anything else***.

Log out with the log out button when you're done with your banking session. Your banking computer should have legit, updated anti-malware software on it.

Unfortunately, there are lags between the discovery of bugs by malefactors and incorporation of signatures into the AV products by vendors. The same is true of operating system bugs and updates. That's part of why there will always be risk. 

If you really want to be fastidious, I suppose you could avoid keeping your banking computer connected to the Internet when not in use, but you'd have to balance that against the need to download updates.

Ideally, try to find anti-malware products that also include features like
- periodic automatic scans of your whole computer. Yes they take forever. Have them run in the middle of the night when you're not on your machine. 

- whitelisting of legitimate files/downloads and "reputation" scores for things you download

- data loss prevention - some of these allow you to specify information that shouldn't ever leave your computer without your specifically allowing it (like your social security, driver's license, or credit card numbers) or files that shouldn't be sent without permission, and will flag you if something tries to access/transmit them.

Even if you don't use that particular browser for other activities, it's still important to exercise some judgement about what you download or upon which you click. If you get electronic mail purporting to be from your bank, favorite shopping site, or PayPal, it's important to be sure that it's real before you click on it. In some cases, simply having the message rendered in the preview pane is enough to infect your system with malware, which is why having some sort of anti-malware software is important.


----- Original Message -----
> 
> 
> 
> Hello All,
> 
> In reading the article, I can only wonder: Is online banking worth
> the risk?
> What do you think?
> 
> Best Wishes
> Richard
> KI4KXJ
> 
> 