If you've been following the blog, you have probably seen a few stories featuring Zeus...the "online banking" data stealing Trojan. 



I don't want to make Clampi feel left out. So here are a few excerpts from a story written by the Daily Mail in the UK.



First...a couple quotes about Clampi, in order to properly introduce the threat it poses:




"The best strategy to defend against Clampi is to use separate machines for Web surfing and funds transfer" 



"It's too dangerous to do transactions on the same machine you do for Web surfing," he says. "You can't have any crossover between them."




- Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.






Editor's Note: Thank you, Mr. Stewart! We've been making that case for 15 months and it's gratifying to hear industry experts echo our mantra.



When Mr. Stewart says "the only way" to protect against Clampi is to use two separate machines, we wholeheartedly agree. I would like to make one clarification. Clampi is but one of the reasons to use a separate piece of hardware to conduct financial transactions. Take into account all the "pre-existing" Trojan malware, add in the keylogging, the phishing, and more. The threat is not Clampi as much as it is "the wicked web the hackers have weaved."



The web is the equivalent of a village made of straw houses, where 10% of the inhabitants are full-time arsonists. (I loved that quote from the previous post.) This blog and HomeATM have been, are and will forever be on the record stating that people should use "separate machines" for Web surfing and financial transactions. And we will prevail so the hackers do not!



That's the entire basis behind why we created the HomeATM product line... and the slim is many times cheaper than having to purchase another PC! The fact that our device is both PCI 2.x and TG-3 certified only strengthens the case for choosing it. The best way to defend against the myriad threats is easy. Surf the web on one machine (the PC) and conduct financial transactions on another (the HomeATM).



You Have Only Two Choices When it Comes to Fighting Fraud and Keeping Your Card Holder Data out of the Hands of the Hackers! "SLIM" and None!



A security researcher has discovered a Trojan that is designed to extract account data from as many as 4,600 of the world's most popular and wealthy businesses.



In "one of the largest and most professional thieving operations on the Internet," a Trojan called Clampi (also known as Ligats, Ilomo, or Rscan) has spread across Microsoft networks in a worm-like fashion, and may already have infected hundreds of thousands of corporate and home PC users, according to SecureWorks researcher Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks.





"We weren't all that worried about Storm, and we weren't all that worried about Conficker," Stewart says. "This one you need to worry about."





IBM: Unprecedented State of Web Insecurity - No Such Thing as Safe Browsing



Internet security is busted, said researchers at the Black Hat conference in Las Vegas today

Oh! Here are a couple of excerpts from that story I was talking about... and don't forget to check out the "related stories" if you have any doubts about what I'm saying in this post. The Web is Broken and we Aim to Fix It!

Online Banking Passwords at Risk!



By Daily Mail Reporter




"Computer hackers have created a new trojan virus which could mean a security headache for hundreds of thousands of online banking customers.



The Clampi virus, which is spreading quickly across the United States and Britain, infects computers when they visit a site which contains the attackers' code. The virus then sits dormant until a user visits the website of a bank, credit card company or other financial institution, whereupon it captures security information such as login and password.



The virus collects personal security details when a user logs on to a banking website and sends them to waiting hackers. The stolen details are then sent back to the hackers who use them in online fraud scams.



The virus monitors over 4,500 financial websites, including British High Street banks, along with online casinos, email providers, shopping sites, utilities and mortgage lenders.



The Clampi virus has already caused chaos for some schools and businesses in the U.S. with hackers completing fraudulent electronic transactions worth thousands of dollars. Despite being around in various forms since 2005, researchers say the new strain seems to be spreading more aggressively."



Read more:
http://www.dailymail.co.uk/news/article-1215091/New-virus-puts-online-banking-passwords-risk.html#ixzz0SPvwRlNi




Posted by John B. Frank Monday, September 28, 2009
