Its clever design allows it to bypass almost any security mechanism implemented by banks

Feb 2, 2012 10:05 GMT

Security researchers identified a variant of the Ice IX malware currently targeting online banking information that belongs to users in the United States and the United Kingdom. This modified version of ZeuS tries to steal not only bank account data, but also information on telephone accounts belonging to the victims.

Trusteer experts determined that by stealing the telephone accounts, the attackers can divert calls from the bank that were intended for the customers. By redirecting the calls to their own numbers, the fraudsters obtain the post-transaction verification codes that approve the transactions.

In one instance of these attacks, Ice IX was spotted maliciously recording the customer’s user ID, password, the secret question and its answer, date of birth, and account balance.

Once this is done, the victim is asked to update their phone contact details: service provider, international dialing code, area code and phone number. In the observed case, a drop-down list let the user select one of three service providers: British Telecommunications, TalkTalk, or Sky.

Now the crooks need only one more piece of information. To obtain it, they present the victim with a third page that requests the telephone account number. This number is considered highly private data, because the phone company uses it to verify the identity of subscribers when they request account modifications such as call forwarding.

At this stage, a form appears, informing the user that this is needed as a result of “a malfunction of the bank’s anti-fraud system with its landline phone service provider.”

These attacks are cleverly designed and very dangerous for the integrity of a customer’s bank account. Post-transaction attack methods allow cybercriminals to gather all the sensitive information they need, and then use it to bypass all the security mechanisms implemented by the bank.

Trusteer, and probably other security solutions providers, offer software that can mitigate such attacks, and that’s why it’s highly important to make sure that the computer from which we perform sensitive transactions is fitted with a reliable, updated application.