Trojan Plunders $480k From Online Bank Account

[Peaches]

Trojan plunders $480k from online bank account

Windows and online banking - Just say no

By Dan Goodin in San Francisco

14th October 2009 21:28 GMT

A Pennsylvania organization that helps develop affordable housing learned a painful lesson about the hazards of online banking using the Windows operating system when a notorious trojan siphoned almost $480,000 from its account.

News reports here and here say $479,247 vanished from a bank account belonging to the Cumberland County Redevelopment Authority after it was hit by Clampi. The trojan gets installed by tricking users into clicking on a file attached to email and then lies in wait for the victim to log in to online financial websites. The authority has so far been able to recover $109,467 of the stolen loot.

The theft is part of a rash of online heists that have stolen millions of dollars from businesses and non-profit organizations. While circumstances are different in each case, they all point to a single point of failure: Each theft relied on the successful compromise of a Windows-based system.

It was this undeniable fact that led Brian Krebs - author of the Security Fix blog which over the past month has published a series of articles detailing high-stakes bank thefts - to recommend Windows machines no longer be used by those who choose to do their banking online.

"I do not offer this recommendation lightly," he wrote. "But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection."

To be clear, that's malware that ran only on Windows.

Indeed, the Clampi variant that hit the Cumberland redevelopment authority reportedly was able to succeed even though employees used an automated clearing house token that generated a different eight-digit access code every minute or so. Redevelopment authority officials didn't return calls seeking comment for this article.

The obvious solution for many is to simply close all online banking accounts. Contrary to what banks say, writing checks really isn't that much of a hassle, at least if you don't write that many of them.

[TheTerrorist_75]

Just another case of stupid people clicking on links that they shouldn't have.

[Peaches]

I have a friend who clicks on anything and everything including pop ups that say to download software. When I ask why she did it or does she need it , she says "I don't know, it said I had to download" & so she did. Now her computer is so compromised she can't do anything on it and is now asking for me to clean it out & so I do. Perhaps she should pay a techie $90/hr. plus and she may discover and take time to learn computer security/maintenance. I set up her computer security and she undoes it because someone told her she didn't need it so she uninstals everything. Oh boy!! There are others I know that do the same thing and when I point them to sites such as this one to even to simply read if they do not wish to join ... no way so they continue to have issues and then complain. One of these days I will say "NO".