Warning about trojans - especially if you are a Yorkshire Bank customer!

Bleurgh
Bleurgh Posts: 16 Forumite
edited 27 June 2009 at 4:05PM in Budgeting & bank accounts
Hi folks,

I work in the IT industry and I've been dealing a lot recently with issues surrounding keyloggers and compromised accounts.

Currently there is a growing problem with basic username / password information being compromised via trojans that have been downloaded to a customer's computer without their knowledge. The trojan contains a keylogger which records your keystrokes and sends them on to a fraudster.

What is a trojan?

A trojan is essentially a small computer program that sits on your computer without your knowledge and has the purpose to do malicious damage, send spam or obtain your personal details. The origin of the term is based on the ancient "Trojan horse" story whereby during the Trojan War the Greeks built a massive horse out of wood; the Trojans thought it was a gift from the gods and so let it into their city, only to find it was hollow and the Greeks were hiding inside ready to ambush them. The term relates to the computer version of the Trojan horse in the way that malicious programs are often hidden inside seemingly safe software.

What is a keylogger?

A keylogger is a program that records everything you type into your computer and sends it on to a hacker / fraudster (via the internet) who is sitting there collecting your personal info, in the hope that they can use it for identity theft, fraud and other malicious purposes.

How can a trojan get onto my computer?

There are several ways: downloading dodgy software, clicking on an attachment in your email, etc. - but the increasingly common way you might get a trojan on your computer is as follows...

You visit a website that contains a hidden frame, usually at the bottom of the page. That frame has a link to a trojan on an external website. The trojan is downloaded onto your computer without you knowing about it. The website you visit can be pretty much any site on the internet that has been compromised without the site owner knowing about it.

How did the hidden frame get there?

Well, it's a vicious cycle. The person who owns the website had a trojan on their computer, the trojan contained a keylogger and their login details to their web hosting account were obtained by the fraudster. The fraudster logged into the hosting account and added the hidden frame to the owner's website. Anyone visiting that site will become "infected" with the trojan and keylogger. If any of the infected visitors have a web hosting account, their details will be obtained and the whole thing starts again.

So as you can see, this is a growing problem and one that we should all be aware of.

How can I prevent this?

You should use some good anti-malware software. Often your virus software is not enough to detect these malicious programs. The tool I use is called a-squared. It is completely free. I don't work for them and I am not affiliated with them in any way. I won't link their website as I am sure it will be removed.

When you get hold of a good anti malware checker you should perform a regular deep scan of your computer to make sure there are no nasties sitting there stealing your information.

Can my bank account be compromised?

Anything you type into your computer will be recorded by the hacker / fraudster, so whatever details you provide via email or by typing into a username/ password box can be stolen.

If you use internet banking, most banks provide good security so that the information you type in is randomized and not easy for fraudsters to steal. Unfortunately, some banks - Yorkshire Bank in particular - have no methods in place to combat keyloggers.

I wrote their webmaster an email earlier today......
I just wanted to comment on the extremely poor level of security employed by
yourselves on your internet banking website. All the required login
information is obtained from the user by means of typing the correct
responses directly from the keyboard, you do not employ any effective
randomization or other techniques to combat keyloggers. In fact, your login
procedures are so weak in terms of security that I'd be very surprised if
you are not currently experiencing fraud via your website on a very large
scale.

Currently there is a large and increasing problem worldwide due to trojans
being spread from compromised websites onto home computers. These trojans
contain keyloggers which record the user's keystrokes. Usernames and
passwords are collected and then used for fraudulent or malicious purposes.
The problem with your site is that it does not have any measures in place to
combat keyloggers. It is extremely easy to defend against such things by
introducing randomization and mouse-click based authentication, but you have
not employed either of these methods. Keyloggers are not new, they have been
around for years.

For example, Lloyds TSB use both of these methods in one part of their
authentication process. You are asked to select with your mouse from a drop
down list, letters chosen at random from your password. Such actions cannot
be recorded by a keylogger because a keylogger simply records what you type,
not what you click on. Barclays use a special random algorithm generator
that provides a new password every time the customer logs in.

Your security is purely based on whether or not someone could guess the
information provided by the customer - this is an ancient way of thinking,
you have not put any procedures in place to combat simple keystroke
recording techniques.

You only ask for three pieces of "secret" information which, while very
difficult to guess - could be easily obtained by a fraudster simply by
waiting for each one of those responses to be typed in by the customer. It's
terrible!

I'll be honest, I'm extremely shocked that you haven't put any effort into
the security of your online banking system and I would suggest that by your
lack of action here, you are purely to blame for any customers' accounts
being compromised via your website. You really need to make some urgent
changes to your login security. Why you have left yourselves so open to
abuse is almost beyond comprehension.

So please take my advice. If you are a YB customer - stay well clear of their internet banking unless you are obsessively deep scanning your computer every day with a good anti trojan / malware checker.

:-)

Comments

  • Extant
    Extant Posts: 2,140 Forumite
    Or, you know, buy a Mac.
    What would William Shatner do?
  • juno
    juno Posts: 6,553 Forumite
    Or, you know, buy a Mac.
    This is supposed to be a money saving site
    Murphy's No More Pies Club #209

    Total debt [STRIKE]£4578.27[/STRIKE] £0.00 :j
    100% paid off :j

  • Extant
    Extant Posts: 2,140 Forumite
    Well, I laughed.
    What would William Shatner do?
  • Bleurgh
    Bleurgh Posts: 16 Forumite
    Macs have their fair share of malware and trojans too.
  • Plus the main way of 'hacking' someone's account is a social engineering/ phishing attack anyway. From what I've seen of the average Mac user, they're every bit as likely to get hit as anyone else, if not more so, given the unwarranted faith they appear to have in their invulnerability.
  • td_007
    td_007 Posts: 1,212 Forumite
    Or, you know, buy a Mac.

    and you can fight the trojan without getting wet
  • Kavanne
    Kavanne Posts: 5,093 Forumite
    juno wrote: »
    This is supposed to be a money saving site
    I got my Powerbook G4 13" off eBay for £250. Runs like a dream. Only annoying thing is, no snow leopard upgrade for me. Boohoo!
    Kavanne
    Nuns! Nuns! Reverse!

    'I do my job, do you do yours?'

  • Andystriker
    Andystriker Posts: 611 Forumite
    Hi All,

    I was wondering with these security passwords if I keep the passwords on a memory stick using Word, and then simply copy and paste them into the log-in Internet Banking - Is this any more or less secure?

    The passwords are not kept on my hard drive, they are on the memory stick, and I don't use the keyboard to log in - I copy and paste.

    Is this method any more or less secure?
  • Kavanne
    Kavanne Posts: 5,093 Forumite
    er, if you write them (or type them) down anywhere then it is less secure!!
    Kavanne
    Nuns! Nuns! Reverse!

    'I do my job, do you do yours?'

  • Andystriker
    Andystriker Posts: 611 Forumite
    Forgot to mention,

    The passwords on my memory stick in Word are password protected. In other words to get to the Word Document holding the passwords I have to type another password in to open Word. (If that makes sense)

    So if the memory stick was ever stolen from my home then the thief would need the password to open Word.
This discussion has been closed.