Net Attack Aimed at Banking Data

Net Attack Aimed at Banking Data

Wed Jun 30, 9:05 AM ET
By Mike Musgrove, Washington Post Staff Writer

Computer security experts warned yesterday of another new Internet threat that can steal the passwords and account information of people who bank online -- the second such discovery in a week.

Users can pick up the latest bug, which doesn't yet have a name, from pop-up ads that secretly download software capable of capturing their keystrokes. The pop-ups originate at Web sites that receive their ads from certain online ad services, which apparently had themselves been hacked to spread the malicious code.

The bug targets users of Microsoft Corp.'s Internet Explorer browser. Experts said users can protect themselves from the bug by using a non-Microsoft Corp. browser or by using software to block pop-ups. Internet Explorer users are immune if they download and install a patch that was released in April. Internet Explorer users are also being advised to set the security setting for their browsers to "high," a level that makes it more difficult to interact with some Web sites.

Software on computers that pick up the bug will record the keystrokes of users who visit any of 50 targeted financial Web sites, security experts said. The bug apparently attempts to send the stolen information to a Web site based in Estonia.

More: http://news.yahoo.com/news?tmpl=story&cid=1804&u=/washpost/20040630/tc_washpost/a16023_2004jun29&printer=1

TYY

I've gotten a lot of a "Who would you vote for" popups lately. They usually show a picture of the Shrub. Wouldn't it be interesting if they could trace this back to the pubs?

cuz this could be a real problem

If you HAVE to use M$, use another browser.

I, personally, don't do any "banking" activities online.
I obtained a small $ limit credit card ($300) which I use for
doing online purchases only. So, even if stolen (remember, no matter
how careful you are, the vendor where you purchase things has to be
100 percent secure as well), the most I'm out is $300.

From what I've heard, the popup just has to be activated, not clicked
on... it installs a trojan horse that copies all keystrokes to the
browser (IE), and then transmits those keystrokes to a hijacked web
server somewhere, and then the hackers come along and pick up the
file and try to find account numbers/passwords within.

Pretty failsafe.

First hack I ever did at my university was this one... almost 30
years ago now. Never did any harm with it.

TYY:kick: