The "RISKY BUSINESS" Blog

Zeus - NYS Department Homeland Security Guidance

Posted by John Verry on Tue, Apr 06, 2010 @ 11:39 AM

Hopefully, this will be the last time I write about Zeus, the banking Trojan. However, when the New York State Department of Homeland Security releases a five-page cyber information security advisory -- it's a little hard to ignore it.

It’s a very comprehensive document that provides good guidance, although I was a bit disappointed they didn’t discuss using a non-Windows platform and/or running off a live bootable CD or USB.

That being said, I really liked their idea of using the on-screen keyboard (osk.exe invokes it) for entering your password. It’s a tiny bit awkward ... but it virtually eliminates the risk of your password being stolen via Zeus or similar malware.

Pay Attention to Information Security: Zeus Bankrupting Companies

Posted by John Verry on Fri, Mar 19, 2010 @ 02:22 PM

Sadly, the ABA's warnings regarding small businesses' use of online banking have not been well heard. Most small businesses have not yet changed their information security practices to protect themselves from banking malware.

King & Little, a NY-based marketing firm, faces bankruptcy after it was victimized by the Zeus banking trojan. Over a very short period, the attacker emptied the bank account of $164,000.

Understandably (but still way disconcerting), TD Bank advised King & Little that, because the theft occurred as a result of one of King & Little's computers being infected with malware, TD Bank is not responsible for the loss.

What is most disappointing is that the online banking sites do not yet have the controls necessary to protect against this type of attack, for example, requiring out-of-band (e.g., text message) validation for certain types of events (e.g., new payee added, payments above a user-definable threshold, etc.).

I have long been a fan of online banking and had taken precautions, most notably not using a Windows-based machine for my online banking. Post this incident, I built an Ubuntu-based machine that is only turned on when I am doing banking. Further, I have restricted outbound and inbound access to HTTPS to the specific banking sites I use. The user account that I use to do the banking has limited rights as well.

To this point I am not aware of Zeus, URLZone, Clampi, or SilentBanker targeting Ubuntu. Should that change ... it may be time to find my old checkbook ...
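One way to express the HTTPS-only restriction described above for a dedicated banking machine, as an added example (not the author's actual configuration). The function names, the allowance for a single DNS resolver, and every IP address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a banking-only machine.
# Every address below is a constructed placeholder (RFC 5737 documentation ranges).

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_bank_ruleset RESOLVER_IP BANK_IP...
# Prints the ruleset to stdout; it does not touch the running firewall.
gen_bank_ruleset() {
    # Refuse to emit a ruleset with nothing allowlisted.
    [ "$#" -ge 2 ] || { echo "usage: gen_bank_ruleset RESOLVER_IP BANK_IP..." >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    resolver=$1; shift
    echo '*filter'
    # Default-deny in every direction; only the rules below open anything.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Inbound: only traffic belonging to connections this machine opened.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Outbound: DNS to one resolver (assumption), HTTPS to the listed banks.
    echo "-A OUTPUT -p udp -d $resolver --dport 53 -j ACCEPT"
    for ip in "$@"; do
        echo "-A OUTPUT -p tcp -d $ip --dport 443 -j ACCEPT"
    done
    echo 'COMMIT'
    # IPv6 is not covered here; ip6tables needs its own default-drop policy.
}

# Demo with constructed addresses: resolver first, then two bank endpoints.
gen_bank_ruleset 192.0.2.53 203.0.113.10 198.51.100.20
```

The output is in the format `iptables-restore` reads; replace the placeholders with the addresses your bank's sites actually resolve to, and re-check them periodically because those addresses can change.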
