The "RISKY BUSINESS" Blog

Sadly the ABA's warnings regarding small businesses' use of online banking has not been well heard. Most small businesses have not yet changed their information security practices to protect themselves from banking malware.

King & Little, a NY based marketing firm faces bankruptcy after it was victimized by the Zeus banking trojan.  Over a very short period the attacker emptied the bank account of $164,000.

Understandably (but still way disconcerting), TD Bank advised King & Little that because the theft occurred because one of King & Little's computers was infected with malware that TD Bank is not responsible for the loss.

What is most disappointing is that the online banking sites do not yet have the controls necessary to protect from this type of attack.  For example, requiring out of band (e.g., text message) validation for certain types of events (e.g., new payee added, payments above a user definable threshold, etc.)

I have long been a fan of online banking and had taken precautions, most notably not using a windows based machine for my online banking.  Post this incident, I built an Ubuntu based machine that is only turned on when I am doing banking.  Further, I have restricted outbound and inbound access to HTTPS to the specific banking sites I use. The user account that I use to do the banking has limited rights as well.

To this point I am not aware of Zeus, URLZone, Clampi, or SilentBanker targeting Ubuntu. Should that change .. it may be time to find my old checkbook ...  

* * * * * * * * * * *

Check out our Techno-Blog for a safe, simple solution!