Print

News >> Browse Articles >> Technology and Innovation

+1

When Complex Passwords Are Not Enough: Keyloggers and Trojan Clampi Virus

When Complex Passwords Are Not Enough: Keyloggers and Trojan Clampi Virus

What if someone stole money from your bank account and the bank was not responsible for the loss? It could happen. By now, most computer users have heard of keyloggers which record all key strokes one does on their computer. These keyloggers come in various forms. Some need a wealth of IT knowledge to implement and others, your five year old child could implement.

Starting off with the less complex would be the ones that plug into the back of your computer between the actual computer and the keyboard. These are easily installed and removed without the user’s knowledge. After all, how many times do you look at the back of your computer? A maintenance worker, co-worker, or janitor could easily install these and capture all your usernames and passwords that you keyed in during the time the small device was installed.

More complex keyloggers come in the form of a trojan virus. A trojan is a type of virus that can be as simple as code hidden in a trusted piece of software, download, or attachment. Once installed on a user’s computer the options are endless. There are several well known viruses out there that prey specifically on user’s bank accounts. One such virus, the Trojan Clampi, has just led to the theft of $479,000 from the Cumberland County Redevelopment authority.

This virus has also been used to steal $75,000 from an auto parts store in Gainesville, Georgia and $150,000 from a public school district in Oklahoma. The Clampi Trojan detects when the user is on one of the roughly 4,600 financial web sites it’s trained to watch. It then records your username and password and feeds the information back to the criminals who use that information to transfer the money to a “mule” account. In addition, most business’ bank accounts are not insured to be protected against cyber theft, and as a result the business will not be made whole by the banks.

To prevent yourself from becoming a victim all you need to do is make sure that the trojan is not installed on the company’s computers that are used to access bank information. Easy to say, but hard to implement. In most cases, the criminals are going after the large company bank accounts and do not touch the personal accounts, although they do occasionally. It is more than likely that many of your employees access their personal banking from their work computer, so almost every computer could present a criminal with an opportunity.

For the hardware keyloggers, you could simply look for them on your computer. For the trojan, like the Clampi Trojan, an easy way to alleviate the risk would be for your bank to require a password and something you have to do to gain access to your bank account. This dual form of authentication could be biometric or a smart card. This would make the trojan virtually useless to the criminal because they would be unable to duplicate your biometrics or smart card. Unfortunately, not all banks require this kind of authentication due to cost and complexity. However, several banks do offer dual factor authentication and I recommend you call your bank to inquire whether they offer this type of authentication. The next best thing to do is make sure your computer is secure. The following are nine steps to make sure your computer is secure:

Are You at Risk for Identity Theft?

IdentityTheft
You might think that your identity is perfectly safe, and that only total morons get their identities and credit accounts stolen. Think again! This quiz will help you figure out how safe your money and identity really are.

Take it now!...

1. Make sure you are running antivirus software on your computer, and that you have installed the latest virus updates.

2. Make sure you have a firewall installed on your computer to monitor the flow of Internet connections into and out of your machine.

3. Download and install any critical updates and security patches from your operating system vendor. You can find all the latest bug fixes and patches for the Windows operating system on the Microsoft website.

4. If you’re using a Wi-Fi network, ensure it is password protected and secure, to prevent other people from being able to piggyback off your connection, or worse, hack into your network and access files and information stored on your computer.

5. When surfing the Internet, do not click on any suspicious links, especially unsolicited emails from unknown senders, or on social networking sites, and instant messaging services.

6. Consider using a prepaid credit card when shopping online, to isolate that account from your debit account or those used for online banking. That way, if anyone does make a fraudulent transaction using those card details, they can only spend a restricted amount of money loaded on to the card, and it also operates separately of your current account, meaning not all of your bank details will be compromised.

7. If you do fall prey to Clampi, or other similar viruses, make sure you change your password and login details for all banking and finance accounts that may have been compromised by the infection.

8. Consider using a separate computer for only banking and no other Internet surfing.

9. Consider a third party security assessment.

A third party security assessment for any organization is helpful and needed to make sure your changing Information Technology environment is secure. Even with the best intentions, small IT changes made by your evolving organization could present large risks. A third party security assessment would allow a second set of eyes to verify that changes made do not cause issues in the future.