Small Business Attack – Malware (yes, again)
I’ve posted about the current run of banking malware before. For a quick review, this is malware that sits on your computer and waits for you to access your online banking site. Once you’re logged in, it watches what you do and then surreptitiously transfers money out of your account to the attacker. I’m posting about it again because of the new wrinkle:
It will now alter what your browser shows to you, so that you don’t see the unauthorized transfers.
Essentially, the malware knows what you expect to see and shows you that, while it is simultaneously lurking under the radar of banks and avoiding their anti-fraud systems. For those that want more details, read this, this, this and this.
For everyone else, try the following:
1) Check your banking statements very carefully. Most home users have at least 30 days to challenge a transfer, but business users only get 2.
2) Work with your bank to implement a call-back mechanism so that you can approve transfers.
3) See if you can use a dedicated system for only doing banking. Leave it unplugged and turned off unless you’re using it or patching it.
4) Keep all of your other systems patched and run a decent anti-malware system.