A new version of the widely prevalent SpyEye Trojan horse not only steals money from bank accounts — it also covers its tracks by offering false bank statements. That means when you visit your online bank, there will be no trace of the transactions that the cyber-criminals have undertaken to steal your money. Worse, your balance will also be adjusted on screen so it looks as if nothing is happening.
You may realize that you have been hit only when your bank starts chasing you because of an overdraft or your credit card is rejected. Trusteer, the security company which detected the attack, says, ‘The next time the victim visits their online banking site, the malware hides the fraudulent transactions, as well as artificially changing the total balance.’
‘SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers,’ says the Naked Security blog at web security experts Sophos. ‘This year, right before the recent holiday season, Trusteer found a hopped-up version of SpyEye attacking banks in the U.S. and U.K.’
The new Trojan, instead of intercepting or diverting email messages, hides bogus transactions even after users have logged out and then logged back into their accounts.
The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies in wait until a customer with an infected computer visits an online banking site, then steals their login credentials and tricks the victim into divulging additional personal information such as debit card information. Then, after the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim’s banking site and scrubs transaction records clean of any fraud. That prevents — or at least delays — consumers from discovering fraud and reporting it to the bank, buying the fraudster critical extra time to complete the crime.
“Most banks ‘let the first transaction through,’ because if they stopped everything that was potentially fraud, consumers would get annoyed,” said Avivah Litan, a financial fraud analyst at consulting firm Gartner. In some cases, fraud-checking tools kick in only after initial reports, so this version of SpyEye could buy criminals important time as they try to turn stolen data into cash.
Victim account holders who check their balance at an ATM — or even at a second uninfected computer — would be able to spot the fraudulent transactions. The virus doesn’t impact bank systems, merely the characters that are displayed within the infected system’s Web browser. That means paper statements would reveal the fraud, too.
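The out-of-band check described above can be automated by reconciling what the browser displayed against a statement obtained through a trusted channel (paper statement, ATM, or an uninfected device). The following is an added example, not code from Trusteer, Sophos or the original article; the function name, record layout and all sample data are constructed for illustration.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample data: (date, description, amount); debits are negative.
TRUSTED = [  # from a paper statement, ATM or uninfected device
    ("2012-01-03", "GROCERY STORE", Decimal("-54.20")),
    ("2012-01-04", "SALARY", Decimal("2100.00")),
    ("2012-01-05", "ONLINE ELECTRONICS", Decimal("-899.99")),
    ("2012-01-05", "WIRE TRANSFER", Decimal("-250.00")),
    ("2012-01-06", "COFFEE", Decimal("-3.50")),
    ("2012-01-06", "COFFEE", Decimal("-3.50")),  # identical lines are legitimate
]
TRUSTED_BALANCE = Decimal("1888.81")

DISPLAYED = [  # what the possibly infected browser rendered
    ("2012-01-03", "GROCERY STORE", Decimal("-54.20")),
    ("2012-01-04", "SALARY", Decimal("2100.00")),
    ("2012-01-06", "COFFEE", Decimal("-3.50")),
    ("2012-01-06", "COFFEE", Decimal("-3.50")),
]
DISPLAYED_BALANCE = Decimal("3038.80")


def reconcile(trusted, displayed, trusted_balance, displayed_balance):
    """Compare a trusted statement with the view rendered in the browser.

    Uses multisets so repeated identical transactions are counted, not merged.
    """
    t, d = Counter(trusted), Counter(displayed)
    hidden = sorted((t - d).elements())   # on the real ledger, missing on screen
    extra = sorted((d - t).elements())    # on screen, not on the real ledger
    hidden_total = sum((amt for _, _, amt in hidden), Decimal("0"))
    gap = displayed_balance - trusted_balance
    return {
        "hidden": hidden,
        "extra": extra,
        "balance_gap": gap,
        # Display tampering as described in the article: the on-screen balance
        # is raised by exactly the amount of the transactions that were hidden.
        "gap_explained_by_hidden": bool(hidden) and gap == -hidden_total,
    }


if __name__ == "__main__":
    report = reconcile(TRUSTED, DISPLAYED, TRUSTED_BALANCE, DISPLAYED_BALANCE)
    for date, desc, amt in report["hidden"]:
        print(f"hidden from browser view: {date} {desc} {amt}")
    print("balance gap:", report["balance_gap"])
    print("gap matches hidden transactions:", report["gap_explained_by_hidden"])
```

A balance gap that exactly equals the hidden transactions points to the display being altered rather than to a timing difference between statements.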
The new version of SpyEye, which attacks Windows PCs, has targeted banks in the U.S. and the UK and has already been detected in both countries. With hi-tech cyber attacks such as SpyEye, there are few visible signs that anything is wrong.
There are defences, though – ensure your browser is up to date, manually updating it if necessary. You should also ensure that the ‘anti-phishing’ option is switched to ‘on’ in Firefox, Chrome or Internet Explorer, which will check for ‘blacklisted’ websites and prevent your browser from being directed to the ‘fake’ version that delivers your bank statement.