Biometrics? Hardware Key? New Trojans Wait for You to Login

By Michael Santo
Contributing Writer, RealTechNews

I listened to an NPR radio story on biometrics this week. I can’t recall what day it was, but biometrics was being touted as the solution to issues like trojans that capture your passwords, as well as for other things like entering areas that require security clearances. But trojan writers have a new tactic: instead of capturing your password (and worrying about biometrics getting in the way as the technology advances), they wait for you to login to your bank or financial institution, and then transfer the money right out.

“All of the authentication, little keys you have to have in your hand, biometrical things, it doesn’t matter. The bad guy just waits until you’re there and then takes the money out,” (Alex) Shipp (a senior antivirus technologist at MessageLabs) said.

This new type of Trojan is on the rise and is currently No. 3 on the list of most common threats, according to Shipp. The most-seen threat today is remote control code used to maintain networks of zombie PCs, or botnets, he said. Second are phishing scams, which seek to dupe computer users into giving up personal information, Shipp said. Source: ZDNet

We Say: Criminals keep getting more clever. I always wondered if it was too simple to transfer money in and out of a bank account … basically all you need is an ABA routing number and the account number. Though some places require you to confirm initial test deposits, not all do.

Once again, you can’t let your guard down. You need a good antivirus (and in my case, I also have a separate real-time Trojan scanner) and you need to keep it up to date.