Sunday, May 29, 2016

This serpent-like malware lies dormant until you access your bank account

Jennifer Schlesinger
May 28, 2016

If you think you can rely solely on your bank’s internet security to protect you, think again. Researchers at IBM Security have uncovered new malware that targets consumers in order to steal money from their accounts.

“We already know of $4 million that was stolen by this malware,” said Etay Maor, an executive advisor with IBM Security. The worst part: It's still out there.

Maor led the Israel-based team that discovered the malware, which has already been used against undisclosed banks in the U.S., Canada and Europe.

The virus, known as GozNym, is a combination of two pieces of malware — one that infects the computer and the other that waits silently like a serpent until the user visits the website of a financial institution.


Consumers' computers typically get infected with GozNym by clicking on links in emails. (Right now, the virus appears to be limited to PCs.) The email might be a message about a security solution or update. If you click the link — you might think nothing happened, but from that point on you are exposed.

Maor and his team believe the hackers behind the new virus are located somewhere in Eastern Europe.

“Don’t get this wrong, we are up against professional programmers … not kids," he said.


Just last year, 20 million financial records were stolen by malware, Maor said. While exact losses are hard to tally, by some estimates it could run into the billions of dollars.

To guard yourself from GozNym and other viruses, do not click on links in any suspicious emails.

Also, keep your operating system and anti-virus software up-to-date. Software providers are in the process of releasing updates that hopefully will disable GozNym.

Another best practice is to avoid reusing passwords as this can let hackers into multiple accounts.

You should also have two ways to check your account balances, such as using paper statements, ATM receipts or a mobile app in addition to online banking.

The criminals behind GozNym are so sophisticated they can change online banking websites to show full balances even after funds have been transferred out.


No comments:

Post a Comment