50 Banks in Pharming Attack

by santonov on February 27th, 2007 in Industry and Security News, Security Alerts.

Todays security news story comes with a moral: never underestimate the importance of having good anti-virus, anti-spyware, and firewall software, along with always making sure to update your operating system.

Last week's pharming attack on over 50 financial institutions that targeted online customers in the U.S., Europe and Asia-Pacific has been shut down, but not before it was able to infect at least 1,000 PCs per day over a three day period.

This is a significant strike not just because of the number of banks that were hit, but because of the sophistication of the attack and the effort put into it, reports say. A separate look-alike website was constructed for each banking site that was targeted.

Here's how they pulled off the attack: you had to be lured to a website hosting malicious code exploiting a Microsoft critical vulnerability reported last year; an unpatched computer would then download a Trojan, subsequently downloading five more files from a server in Russia, while all you would see was an error message recommending that you shut off your firewall and anti-virus software; When you visited any of the targeted sites with your infected PC, you would be redirected to a look-alike website that tracked your account login information and sent it to the Russian server; You would be redirected to the real banking site, given no indication of what had just occurred; An attacker could then use your personal information for identity theft, fraud, or to sell to other criminals.

It's not yet known if anyone has lost money, reports say. Among the targeted companies were Barclays Bank, the Bank of Scotland, PayPal, eBay, Discover Card and American Express.

Remember, as cyber-criminals keep showing us that they're willing to go the extra mile, you need to keep your system updated and your PC secure!