
Hackers grab bank details with fake ad

  • 07-07-2004 2:19pm
    #1
    Registered Users, Registered Users 2 Posts: 2,472 ✭✭✭


    PURPOSE
    The purpose of this advisory is to bring attention to Hackers who have found a new method of stealing bank details from home computers.

    ASSESSMENT
    Img1big.gif is a file containing a Trojan named pwsteal.refest. It attempts to secretly install itself on the computer and steal confidential information.

    A virus uncovered last week was hidden inside so-called "pop-up" advertisements that appeared on screen without warning, experts have warned. Clicking on the "close" button to get rid of the advert triggered the virus to attempt to secretly install itself on the computer. The bug was programmed to wait until the user began logging on to their internet bank account where it tried to steal personal details, such as passwords, before the information reached the bank. When Internet Explorer makes an HTTP POST request to one of these domains (for example, when the user submits a web form at a bank site), the Trojan also sends the information to a cgi script at www.refestltd.com.

    The new Trojan was aimed at customers of nearly 50 banks around the world
    including:


    SUGGESTED ACTION
    PSEPC recommends that you ensure your anti-virus detection software definitions are current.

    Additional information about this worm is available at the following links:
    http://reg.smh.com.au/splash.do?site=SMH&server=http:%2f%2fwww.smh.com.au&retn=%2farticles%2f2004%2f07%2f05%2f1088879407085.html
    http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.refest.html
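
Added example, not part of the original post or the advisory: a small proxy-log check for the behaviour described above, where a form POST to a bank site is accompanied by a second POST from the same client to a collection host. The log format, the three-entry watch list, the 10-second window and the CGI path are assumptions made for illustration; the log lines are constructed.

```python
from datetime import datetime, timedelta

# Watch-list notation: a leading dot or a bare name both match the host itself
# and any subdomain. Three sample entries only (assumed subset).
BANK_PATTERNS = [".citibank.com", "barclays.co.uk", "lloydstsb.co.uk"]
EXFIL_HOST = "www.refestltd.com"   # collection host named in the advisory
WINDOW = timedelta(seconds=10)     # assumed correlation window

# Constructed proxy log lines: time, client IP, method, host, path
SAMPLE_LOG = """\
2004-07-05T09:14:02 10.0.0.21 GET www.citibank.com /
2004-07-05T09:14:40 10.0.0.21 POST www.citibank.com /login
2004-07-05T09:14:41 10.0.0.21 POST www.refestltd.com /cgi-bin/placeholder.cgi
2004-07-05T09:20:10 10.0.0.35 POST barclays.co.uk /logon
2004-07-05T09:20:11 10.0.0.35 GET ads.example.net /banner.gif
2004-07-05T09:31:00 10.0.0.35 POST notbarclays.co.uk /form
2004-07-05T09:31:02 10.0.0.35 POST forms.example.org /collect
2004-07-05T09:40:00 10.0.0.50 POST online.lloydstsb.co.uk /logon
2004-07-05T09:40:03 10.0.0.50 POST collector.example.com /in.cgi
"""

def is_bank_host(host):
    """Match on whole DNS labels so 'notbarclays.co.uk' is not a bank host."""
    host = host.lower().rstrip(".")
    bases = [p.lstrip(".") for p in BANK_PATTERNS]
    return any(host == b or host.endswith("." + b) for b in bases)

def find_shadow_posts(log_text):
    """Return (client, bank_host, second_host, reason) per suspicious POST."""
    last_bank_post = {}            # client -> (time, bank host)
    alerts = []
    for line in log_text.splitlines():
        stamp, client, method, host, _path = line.split()
        if method != "POST":
            continue
        when = datetime.fromisoformat(stamp)
        if is_bank_host(host):
            last_bank_post[client] = (when, host)
            continue
        prev = last_bank_post.get(client)
        if prev and when - prev[0] <= WINDOW:
            # Known host from the advisory, or any other off-bank POST in window
            reason = "known-host" if host == EXFIL_HOST else "shadow-post"
            alerts.append((client, prev[1], host, reason))
    return alerts

if __name__ == "__main__":
    for alert in find_shadow_posts(SAMPLE_LOG):
        print(alert)
```

The "shadow-post" rule is a heuristic that also fires on legitimate third-party form posts, so its hits need review; the "known-host" match is only as good as the single host name in the advisory.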


Comments

  • Registered Users, Registered Users 2 Posts: 2,942 ✭✭✭Mac daddy


    Sneaky bastard*s :D:D


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Well, thank God for firewalls, virus scanners, Firefox and knowing what the hell I'm doing...


  • Registered Users, Registered Users 2 Posts: 678 ✭✭✭briano


    I see from the Symantec site that it is an IE-only problem. Which makes me wonder why don't the banks, when sending out the mountains of crap that they send out every month advertising their online services, put in a CD with an alternate browser? Say "Free Demonstration CD", pop it in, have autorun.inf display a little message saying "your browser may not be secure, would you like to install <insert-particular-flavour-of-browser-here>?"


    <rant>
    It's this sort of thing that drives me nuts: Little pop-up boxes appearing on websites saying "your browser is not optimised to view this webpage, please install IE". Why not turn it around and put it on websites that are subject to these schemes (BHO, phishing, everything after special chars not being displayed in the address bar) and have a little redirect saying "I see you are using IE, please visit one of these sites and upgrade your browser"?
    </rant>

    I mean, I know it'll never happen, but damn it would be nice


  • Closed Accounts Posts: 7,563 ✭✭✭leeroybrown


    If the banks started advocating the use of an alternate browser most of them would probably have to partially re-write their eBanking applications to get them to work 100% reliably with browsers other than IE.


  • Registered Users, Registered Users 2 Posts: 678 ✭✭✭briano


    If the banks started advocating the use of an alternate browser most of them would probably have to partially re-write their eBanking applications to get them to work 100% reliably with browsers other than IE.

    That would have to be the worst excuse I could think of. I mean, how much does your average e-banking site cost to implement? Tens of thousands? Hundreds? Millions? For that sort of money I'd expect them to not only work with whichever browser I used, but to be able to be as secure as humanly possible. If that means only one type of browser is 100% reliable, it better not be the one with the worst track record for security.


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Originally posted by briano
    That would have to be the worst excuse I could think of.

    How's this for a better one?

    It's not their job to offer you alternate browsers. That's up to the individual themselves to source a new browser if they are unhappy with the one they have.

    Frankly, if anyone with any bit of knowledge is stupid enough to use IE in this day and age after all the warnings, and especially without a pop-up blocker of some shape or form, then it's their own problem.

    Unfortunately, information regarding IE's problems often doesn't reach the common dolt, sorry, user in a manner they can understand, or they can't be bothered doing anything about it when they do hear of it...

    In summary, expecting the bank to supply you with common sense is stupid.


  • Registered Users, Registered Users 2 Posts: 2,942 ✭✭✭Mac daddy


    Originally posted by doodle_sketch
    How's this for a better one?

    It's not their job to offer you alternate browsers. That's up to the individual themselves to source a new browser if they are unhappy with the one they have.

    Frankly, if anyone with any bit of knowledge is stupid enough to use IE in this day and age after all the warnings, and especially without a pop-up blocker of some shape or form, then it's their own problem....

    In summary, expecting the bank to supply you with common sense is stupid.

    That is why I converted to Opera in work and Mozilla at home :p


  • Registered Users, Registered Users 2 Posts: 678 ✭✭✭briano


    In summary, expecting the bank to supply you with common sense is stupid.

    What, like posting notices out saying "Don't store your pin with your bank card"? You mean that sort of common sense?

    Frankly, if anyone with any bit of knowledge is stupid enough to use IE in this day and age after all the warnings, and especially without a pop-up blocker of some shape or form, then it's their own problem.

    What warnings? We (nerds) see them, but average joe luser doesn't. At most there is a bit on the news about the latest virus.

    The banks on the other hand do know about these threats, because that's their job (to safeguard other people's money). It annoys me that they don't make the effort to warn their customers who might know nothing about computers, and not understand that they could mitigate the threat from assorted malware just by changing browser.

    Brian (running opera under linux. Take that pwsteal.refest)


  • Registered Users, Registered Users 2 Posts: 4,276 ✭✭✭damnyanks


    IE was targeted for the obvious reason that it is used by the vast majority of net users. The banks can send out CDs with Firefox, Mozilla or whatever. It won't stop these people; they will just write viruses to exploit more than 1 browser.

