A Trojan is a program which often looks like a legitimate program, such as a game or utility. It travels with another program which you may download from a website or receive as an attachment in an e-mail. When executed, the Trojan scans and gathers information about your computer (files, passwords, etc.) without your knowledge and transmits this information back to the fraudster who sent it.
At times, this malware is designed specifically to capture credit card related data and build a mini-database at a pre-decided location for misuse by fraudsters.
In extreme cases, a Trojan can also give the fraudster complete access to your computer without your knowledge. Once this type of Trojan has been installed on your computer, the attacker can access and use your computer as if they were the real owner!
A sample of the pop-up appearing on the infected screen is given below.
Spyware gathers personal information from your computer, or information about your activity on the Internet, and sends it to fraudsters without your knowledge.
How does a Trojan or Spyware program get on the computer?
Trojans and spyware are often hidden inside other computer programs, commonly inside software such as:
- Screen savers
- Time and date updaters
- Custom cursors (mouse pointers)
- Weather updaters
- Browser toolbars
- Internet games
- Online Word documents
- Excel-based documents
Malware is primarily designed to infiltrate systems and access the information stored on them for criminal, commercial or destructive purposes.
Malware varies greatly in both form and functionality. Some malware is used to steal information such as credit card numbers, identities or sensitive business information from the computer it infects. Other malware may take over your computer and use it for attacking other systems. Alternatively, the malware may simply be destructive, with the sole purpose of destroying or corrupting information on your computer.
How does Malware spread?
E-mail:
Malware is often present in e-mail attachments, and/or can be automatically downloaded and installed on your computer when you click on links within e-mails.
Websites:
Malware can be inadvertently downloaded from websites, or automatically downloaded while visiting some websites.
Pop-Ups:
A fairly new tactic to spread malware is through the use of cleverly disguised pop-up adverts that appear as legitimate-looking "Windows" alerts or messages.
Social Networking Sites:
Malware is increasingly spreading through social networking sites, by installing dubious third-party add-on applications or through web links in messages. There is a false sense of security when using these sites, so you must remain vigilant at all times.
Software:
Malware hidden in legitimate-looking software is one of the most common ways it spreads. Peer-to-peer software and cracked or pirated software (e.g. 'warez') often facilitate the spread of malware.
Computer Media:
Malware can be easily spread through the shared use of computer storage media such as DVDs, CDs and USB drives.
Mobile Devices:
Malware has been known to spread through mobile devices such as cell phones. As devices become more and more like mini computers, the threat of malware on these devices will increase.
How to protect your computer from Malware?
- Use a firewall: install and activate a personal firewall on your computer.
- Ensure your anti-virus and spyware detection software is updated regularly; daily if possible.
- Know what you are installing before you click 'install'.
- Do not enter your passwords, card details and codes in pop-up windows that may appear for no reason in the midst of your activity on any website or social websites.
- Log off from the session immediately on completing your activity.
- Do your online shopping on known and reputed websites only.
- Do not install any software that comes as an attachment via e-mail/web promotion.
- Run spyware checks on your computer frequently. A weekly scan is highly recommended.
- Never buy software in response to unexpected pop-up messages or e-mails.
- Never click links in messages from unknown or untrusted contacts, and avoid clicking on message links sent from trusted contacts unless you are certain where they will lead you.
- Never install unauthorized, unlicensed or unapproved software on your computer.
- Do not insert untrusted computer media into your computer.
- Be alert to unsolicited text or other message requests for software installs, or links to unknown or untrusted locations.
ICICI Bank has strong measures to ensure the security and safety of your account. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can enjoy a safe and secure banking experience.
We at ICICI Bank believe in promoting awareness amongst our customers by updating them with the latest threats and alerts associated with online banking.
Recently an alert was issued by CERT-In and US-CERT highlighting that a new banking malware known as 'Dyre/Dyreza' was used to target customers of well-known financial institutions. The Indian Computer Emergency Response Team (CERT-In) and the United States Computer Emergency Readiness Team (US-CERT) are nodal government agencies that deal with cyber security threats in India and the United States respectively. These agencies issue alerts and advisories to update users about the latest trends in information security, along with newly discovered vulnerabilities.
The alert mentions that since mid-October 2014, a phishing campaign has been targeting a wide variety of consumers using the Dyre/Dyreza banking trojan. This campaign uses various tactics intended to entice recipients into opening attachments and downloading malware. Customers of most popular banks are targeted with such e-mail attacks.
How does the Dyre/Dyreza malware reach your system?
The malware propagates through social engineering techniques (phishing) or spam e-mails. These e-mails pretend to be genuine e-mails from a financial institution and contain either a ZIP file or a PDF document as an attachment. The ZIP file contains the Dyreza malware, which installs itself on the target system when executed.
The e-mails that were commonly observed to be sent to spread the malware used the following patterns and characteristics:
- Subject line: "Unpaid invoic" (spelling errors in the subject line are a characteristic of this campaign)
- Attachment name resembling Invoice621785.pdf
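The two indicators above (the truncated subject line and the numbered invoice attachment) are exactly the kind of pattern a mail gateway can check before delivery. The following Python is an added example, not code from ICICI Bank or from the CERT advisory. It assumes a minimal message record (sender, subject, attachment names), and the regular expression for the attachment name is an assumed generalisation of the single sample "Invoice621785.pdf" to any "Invoice<digits>.pdf" or ".zip"; the sample mailbox is constructed.

```python
import re
from dataclasses import dataclass, field

# Indicators taken from the advisory text above. The attachment-name pattern is
# an assumed generalisation of the single sample "Invoice621785.pdf".
SUBJECT_TOKEN = re.compile(r"\bunpaid invoic\b", re.IGNORECASE)   # truncated word, as observed
ATTACHMENT_NAME = re.compile(r"^invoice\d+\.(pdf|zip)$", re.IGNORECASE)
RISKY_EXTENSIONS = (".zip", ".pdf")   # the two attachment types the advisory names


@dataclass
class Message:
    """Minimal view of an incoming mail: what a gateway filter sees before delivery."""
    sender: str
    subject: str
    attachments: list = field(default_factory=list)


def dyre_indicators(msg):
    """Return the list of campaign indicators this message matches (empty if none)."""
    hits = []
    if SUBJECT_TOKEN.search(msg.subject):
        hits.append("subject: truncated 'Unpaid invoic'")
    for name in msg.attachments:
        if ATTACHMENT_NAME.match(name):
            hits.append(f"attachment name pattern: {name}")
        elif name.lower().endswith(RISKY_EXTENSIONS):
            hits.append(f"zip/pdf attachment: {name}")
    return hits


def classify(msg):
    """Gateway decision: two or more indicators quarantine, one is flagged for review."""
    hits = dyre_indicators(msg)
    if len(hits) >= 2:
        return "quarantine"
    if hits:
        return "flag"
    return "deliver"


# Constructed sample mailbox (not real traffic). The first message reproduces the
# advisory's subject line and attachment pattern exactly; the second is a
# correctly spelled invoice that must not be quarantined on the subject alone.
SAMPLE_MAILBOX = [
    Message("accounts@bank.example", "Unpaid invoic", ["Invoice621785.pdf"]),
    Message("billing@supplier.example", "Unpaid invoice for March", ["statement.pdf"]),
    Message("colleague@company.example", "Lunch tomorrow?"),
]


def triage(messages):
    """Return {subject: decision} for a batch of messages."""
    return {m.subject: classify(m) for m in messages}


if __name__ == "__main__":
    for subject, decision in triage(SAMPLE_MAILBOX).items():
        print(f"{decision:10s} {subject}")
```

The word-boundary anchor after "invoic" matters: it is what keeps the correctly spelled "Unpaid invoice for March" from matching the campaign's misspelled subject, so that message is only flagged for its PDF attachment rather than quarantined.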
What are the impacts of this malware?
Dyreza attaches itself to your Internet browser, intercepting any information visible in the browser, including your user ID and passwords. It:
- Attempts to take your passwords or account/ card details of online services, including banking services
- Bypasses your secure browser protection settings
- Captures your keystrokes (while entering passwords)
- Intercepts your browsing activities and communicates the same to the miscreants
What are the symptoms of being infected with Dyreza?
Following are the symptoms you will observe if your computer is infected with Dyreza or similar malware:
- Slows down, crashes or displays repeated error messages
- Will not shut down or restart
- Unintended downloads/ unexpected flow of pop-ups
- Displays web pages you did not intend to visit, or sends e-mails you did not write (you can check your sent items for this). Once you realise you are infected with malware, change your banking and e-mail passwords immediately, using an uninfected system
- New and unexpected icons in your shortcuts or on your desktop
- Your laptop battery drains more quickly than it should
How should one be safe from such malware?
In order to be safe from such fraudulent attacks, you need to be aware of them. It is recommended to take the following preventive measures to protect your computers and networks from phishing campaigns:
- Do not follow unsolicited web links in e-mail
- Use caution when opening e-mail attachments
- Follow safe practices when browsing the web
- Install a reputed and paid anti-virus
- Keep your anti-virus up-to-date
- Keep your operating system and software up-to-date with the latest updates
A key-logger is a device (physical hardware) or a computer program (software) which is secretly connected to, or downloaded onto, a computer. Its aim is to record all keystrokes generated from the keyboard. The keystrokes are secretly recorded without the user’s knowledge and are later viewed by the fraudsters. Usually, the person who installed the key-logger can retrieve the record by pressing a combination of keys simultaneously and/or by providing a secret password. In some cases, the key-logger can also transmit the recorded details remotely, by e-mail, Bluetooth signals or other methods.
How can your computer get infected by a Key-logger?
- A person you know might install one on your computer while you are not watching.
- By using an infected USB device.
- From downloading cracks or Keygens (key generator) from the internet. These files often contain viruses or Key loggers.
- By installing games or software from unknown publishers.
- From downloading and installing programs from torrents.
- By visiting a website that exploits a browser vulnerability. This usually happens when you are using an outdated browser, have outdated browser plugins, or your operating system is not up-to-date with the latest security patches.
Safety tips against key-loggers
Use a virtual Keyboard
To protect against both Key logging software and hardware, use a virtual keyboard. A virtual keyboard is a program that shows a keyboard on the screen, and the keys can be ‘pressed’ by using a mouse. If your Internet Banking login screen has a virtual keyboard, it is highly recommended to use it always.
Use a firewall always
Most key-logger software transmits an “I am alive” message, as well as the recorded keystrokes, to the bot handler. To detect this, install a personal firewall on your PC and keep track of the data being sent from your PC to the outside world. Configure an alert whenever data is transmitted to the Internet, review the alert, and block the program or port if the traffic is suspicious.
Have a robust and updated antivirus solution running
Most antivirus companies have already added known key-loggers to their databases, making protection against key-loggers no different from protection against other types of malicious programs. Install an antivirus product and keep its database up to date. However, since many antivirus products classify key-loggers as potentially malicious or potentially undesirable programs, users should ensure that their antivirus product will detect this type of malware with its default settings. If not, the product should be configured accordingly, to ensure protection against the most common key-loggers.
Check the system processes running
At weekly intervals, check the system processes running by typing “msconfig” in the Run command. Note down the processes that are currently running as well as the processes configured to start automatically when your system boots. Investigate suspicious processes, which is easier said than done! Unfortunately, malware processes are rarely named “evil keylogger.exe”. Often malware such as key-loggers has names similar to normal processes like svchost.exe, making it difficult to distinguish a safe process from a malicious one. Further, quite a few key-loggers will not show up at all in the Task Manager process list. Nevertheless, prevention is better than cure.
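Comparing a process list against a known-good baseline is easier to do mechanically than by eye, especially for the svchost.exe lookalikes mentioned above. The following Python is an added example, not a tool from ICICI Bank or from the page. It assumes you have exported the process list as (image name, full path) pairs, for instance from Task Manager's Details tab, and it applies two checks: a baseline system name running from a directory other than the one it belongs in, and a non-baseline name that differs from a baseline name by only a character or two. The baseline directories for svchost.exe, lsass.exe, csrss.exe and explorer.exe are standard Windows locations; the sample listing and the name svch0st.exe are constructed.

```python
import ntpath

# Baseline of Windows system processes and the directory each is expected to run
# from. A short list for illustration; a real baseline would be built from a
# known-clean machine of the same Windows version.
EXPECTED_DIR = {
    "svchost.exe": r"C:\Windows\System32",
    "lsass.exe": r"C:\Windows\System32",
    "csrss.exe": r"C:\Windows\System32",
    "explorer.exe": r"C:\Windows",
}


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_processes(listing, max_distance=2):
    """Return (name, path, reason) for each entry that deserves a closer look.

    listing: iterable of (image name, full path) pairs as exported from Task
    Manager. A baseline name is checked against its expected directory; any
    other name is checked for being a near-miss of a baseline name.
    """
    findings = []
    for name, path in listing:
        lname = name.lower()
        if lname in EXPECTED_DIR:
            if ntpath.dirname(path).lower() != EXPECTED_DIR[lname].lower():
                findings.append((name, path, f"system name outside {EXPECTED_DIR[lname]}"))
            continue
        for known in EXPECTED_DIR:
            if edit_distance(lname, known) <= max_distance:
                findings.append((name, path, f"lookalike of {known}"))
                break
    return findings


# Constructed process export, not taken from a real machine. Entries 3 and 4 are
# the two suspicious patterns: a near-miss name, and a genuine name in a user folder.
SAMPLE_LISTING = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("svch0st.exe", r"C:\Users\Public\svch0st.exe"),
    ("svchost.exe", r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]


if __name__ == "__main__":
    for name, path, reason in review_processes(SAMPLE_LISTING):
        print(f"{name:14s} {reason:40s} {path}")
```

The path check is the more reliable of the two: a real svchost.exe is always loaded from System32, so the same name anywhere else is worth investigating regardless of how it is spelled. As the text notes, a rootkit-style key-logger that hides its process will not appear in the export at all, so this review complements rather than replaces an up-to-date antivirus.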
Fool the Key logger – a simple way
Type your password out of order. For example, if your password is “your password”: type “password” first, then move the cursor to the beginning and type “your”. This way you can fool key-loggers.
Just say no to freeware
Since key-loggers can easily attach themselves to free software offered over the Internet, including free screensavers or Internet accelerators, resist the temptation to install these on your computer. Only install software from recognised vendors.
Check for Hardware Key loggers
These are devices plugged in between the keyboard and the computer, and they are the easiest to find. Simply look behind the computer you are using. If you see any kind of adapter or device between the keyboard cable and the connector on the computer, switch to another computer or another Internet cafe!
Monitor your transactions
Review your order confirmations, Credit Card and Bank Statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any irregularities to your bank.
Avoid suspicious sites
Do not visit suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.
Avoid using public computers
Never use computers located in public places such as Internet cafes or airport lounges for online banking.
Ransomware is malicious software used by cybercriminals to launch data-kidnapping and lock-screen attacks. If a computer is infected with ransomware, the files on it are encrypted and you are prompted to pay a ransom when you try to open any of them.
How is Ransomware spread?
E-mail: Cybercriminals are notorious for including malicious attachments and links in e-mails that appear to come from friends, reputed organisations, or other trusted sources. Some malicious e-mails can even infect your computer from the e-mail client’s preview pane, without you opening or downloading an attachment or a link.
Websites: Ransomware can be inadvertently/unintentionally downloaded from websites, or automatically downloaded while visiting some websites.
Outdated software: Ransomware exploits the vulnerabilities of outdated software to spread across computer systems.
Local Area Networks (LANs): A LAN is a group of locally connected computers that share information over a private network. If one computer becomes infected with malware, all other computers in the LAN may get infected as well.
Instant messaging, peer-to-peer and file-sharing systems: If your processes require you to use or share online services with a client or vendor, and their systems are infected with ransomware, it can spread to your computer as well.
Social networks: Ransomware authors take advantage of many popular social networks, infecting the massive user-data networks with worms. If a social website account is infected with a worm and if anyone visits the person’s profile page then their systems too can get infected with the worm.
Pop-ups: Some of the most sophisticated malicious software spread through well-disguised screen pop-ups that look like genuine alerts or messages.
Computer storage media: Malicious software can easily spread if you share computer storage media with others, such as USB drives, DVDs and CDs.
Safety tips for Ransomware
Don’t act on spam e-mail:
By clicking links or opening suspicious attachments, you could be inviting ransomware, or other malware, onto your computer. Just delete spam immediately without opening it.
Avoid suspicious sites
Do not visit suspicious sites. If you suspect that a website is not what it seems to be, leave the site immediately. Do not follow any of the instructions on it.
Keep security software up to date
Always keep your security software (antivirus) updated. If your security software is not updated then it may not be able to recognise new threats entering your computers.
Back-up your files often
In most cases, once ransomware hits it is difficult to remove. Even if you do successfully remove the malware, your files may still remain inaccessible, so a recent backup is the only reliable way to get them back.
Keep your Operating System updated
Malware like this finds ‘vulnerabilities’, or weak spots, in your system if it has not been updated in a while.
Don’t Use Open Wi-Fi
When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi.
Do not open attachments
Don’t open attachments in suspicious and unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in such an e-mail, even if the link seems to be general or non-threatening.
A botnet is a network of compromised computers under the control of a malicious actor. Each individual device in a botnet is referred to as a bot. A bot is formed when a computer gets infected with malware that enables third-party control. Attackers use botnets for a variety of purposes, many of them criminal. The most common applications for botnets include e-mail spam campaigns, denial-of-service attacks, spreading adware/spyware and data theft.
How does your computer get infected?
- Opening attachments in e-mails which contain viruses.
- Visiting websites which are infected with malware. This could happen by either clicking on malicious links in e-mails or posts from the social networking sites or simply visiting infected sites.
- Spreading from one computer to another via a network, infected storage devices or from the internet.
Impact of botnet
- Your network could be infected by viruses that gain access to your data and transactions
- Your banking credentials could be stolen using keyloggers
- Your computers could be used for the mass transmission of spam e-mail
- Your computers could be used for infecting other devices
- Your computers could be used for click fraud, whereby they visit nominated websites without your knowledge to create false web traffic.
Safety tips
- Choose reputed internet security software (antivirus). Ensure it is always updated and switched on
- Do not open any files attached to an e-mail from an unknown, suspicious or untrustworthy source
- Do not click on links in e-mails or social networking posts from an unknown, suspicious or untrustworthy source
- The e-mails which appear to be sent by friends or colleagues even with authentic addresses may be fraudulent owing to their devices having been infected by viruses, or their addresses having been spoofed by criminals
- Take care when using connected devices as they are very common carriers of malware
- Take care while using CDs/DVDs as they can also contain viruses
- Do not open any files from web-based digital file delivery companies that have been uploaded from an unknown, suspicious or untrustworthy source
- Purchase only trustworthy software from reputable companies and ensure that it is always kept updated
- While downloading free software, do so with extreme caution
- Do not send or receive private information while using public Wi-Fi
- Limit the personal and financial information you share online or offline
- Ensure that your computer and mobile have updated antivirus software installed and turned on
- Keep your operating system updated
- Monitor your banking and financials regularly.
Definition
A rootkit is a programme or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system. While there have been legitimate uses for this type of software, such as providing remote end-user support, most rootkits open a backdoor on victim systems to introduce malicious software, such as viruses, ransomware, key-logger programmes or other types of malware, or to use the system for further network security attacks. Rootkits often attempt to prevent detection of malicious software by endpoint antivirus software.
How is a Rootkit installed in the systems?
Rootkits can be installed in a number of ways, including phishing attacks or social engineering tactics to trick users into giving the rootkit permission to be installed on the victim system, often giving remote cybercriminals administrator access to the system.
How does a Rootkit work?
A rootkit is a collection of computer software, typically malicious, that is designed to grant an unauthorised user access to a computer or certain programmes. Once a rootkit is installed, it is easy to mask its presence, so an attacker can maintain privileged access while remaining undetected.
How does a Rootkit hide?
Memory rootkits hide in your computer's RAM. Like kernel rootkits, they can reduce your computer's performance by consuming memory with the malicious processes involved.
What are the possible outcomes of a rootkit attack?
Today, malware authors can easily purchase rootkits on the dark web and use them in their attacks. The list below explores some of the possible consequences of a rootkit attack:
Sensitive data stolen:
Rootkits enable hackers to install additional malicious software that steals sensitive information, like credit card numbers, social security numbers and user passwords, without being detected.
Malware infection:
Attackers use rootkits to install malware on computers and systems without being detected. Rootkits conceal the malicious software from any existing anti-malware or antivirus, often de-activating security software without the user’s knowledge. As a result of deactivated anti-malware and antivirus software, rootkits enable attackers to execute harmful files on infected computers.
File removal:
Rootkits grant access to all operating system files and commands. Attackers using rootkits can easily delete Linux or Windows directories, registry keys and files.
Eavesdropping:
Cybercriminals leverage rootkits to exploit unsecured networks and intercept personal user information and communication, such as e-mails and messages exchanged through chat.
Remote control:
Hackers use rootkits to remotely access and change system configurations. The hackers can then change the open TCP ports inside firewalls or change the system startup scripts.
What are the types of rootkit attacks?
Attackers can install different rootkit types on any system. Below, you’ll find a review of the most common rootkit attacks.
Application rootkits:
Application rootkits replace legitimate files with infected rootkit files on your computer. These rootkits infect standard programmes like Microsoft Office, Notepad or Paint. Attackers can get access to your computer every time you run those programmes. Antivirus programmes can easily detect them, since both operate on the application layer.
Kernel rootkits:
Attackers use these rootkits to change the functionality of an operating system by inserting malicious code into it. This gives them the opportunity to easily steal personal information.
Bootloader rootkits:
The bootloader mechanism is responsible for loading the operating system on a computer. These rootkits replace the original bootloader with an infected one. This means that bootloader rootkits are active even before the operating system is fully loaded.
How does one prevent a rootkit attack?
Rootkit attacks are dangerous and harmful but they only infect your computer if you have somehow launched a malicious software that carries the rootkit. The tips below outline the basic steps you should follow to prevent rootkit infection.
Scan your systems:
Scanners are software programmes that analyse a system in order to find and get rid of active rootkits.
Rootkit scanners are usually effective in detecting and removing application rootkits. However, they are ineffective against kernel, bootloader or firmware attacks. Kernel-level scanners can only detect malicious code when the rootkit is inactive. This means that you have to stop all system processes and boot the computer in safe mode in order to scan the system effectively.
Security experts claim that a single scanner cannot guarantee the complete security of a system, due to these limitations. Therefore, many advise using multiple scanners and rootkit removers. To fully protect yourself against rootkit attacks at the boot or firmware level, you need to back up your data and then reinstall the entire system.
Avoid phishing attempts:
Phishing is a type of social engineering attack in which hackers use e-mails to deceive users into clicking on a malicious link or downloading an infected attachment.
The fraudulent e-mail can be anything, from Nigerian prince scams asking you to reclaim gold to fake messages from Facebook requesting you to update your login credentials. The infected attachments can be Excel or Word documents, a regular executable programme or an infected image.
Update your software:
Many software programmes contain vulnerabilities and bugs that allow cybercriminals to exploit them, especially older, legacy software. Usually, companies release regular updates to fix these bugs and vulnerabilities, but not all vulnerabilities are made public. And once software has reached a certain age, companies stop supporting it with updates.
Ongoing software updates are essential for staying safe and preventing hackers from infecting you with malware. Keep all your programmes and your operating system up-to-date and you can avoid rootkit attacks that take advantage of known vulnerabilities.
Use next-gen antivirus:
Malware authors always try to stay one step ahead of the cybersecurity industry. To counter their progress, you should use antivirus programmes that leverage modern security techniques, like machine learning-based anomaly detection and behavioural heuristics. This type of antivirus can determine the origin of the rootkit based on its behaviour, detect the malware and block it from infecting your system.
Monitor network traffic:
Network traffic monitoring techniques analyse network packets in order to identify potentially malicious network traffic. Network analytics can also mitigate threats more quickly, while isolating the network segments that are under attack to prevent the attack from spreading.
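Both the firewall advice in the key-logger section (watch for the periodic “I am alive” message sent to the bot handler) and the network-monitoring advice here come down to the same observable: a process that contacts the same destination at suspiciously regular intervals, which legitimate browsing does not do. The following Python is an added example, not code from ICICI Bank or from the page. It assumes outbound connection records in a simple one-line-per-connection format (timestamp, process, destination, bytes) such as a personal firewall or host agent can export; the format, the log lines, the process name updatr.exe and the TEST-NET addresses are all constructed for the example.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed export format: one outbound connection per line.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed sample export, not real traffic. "updatr.exe" checks in every 60 s
# with a near-constant tiny payload (the "I am alive" beacon); "browser.exe" is
# ordinary browsing with irregular timing and sizes.
SAMPLE_LOG = """\
2024-03-01T09:00:00 proc=updatr.exe dst=203.0.113.5:443 bytes=310
2024-03-01T09:00:03 proc=browser.exe dst=198.51.100.20:443 bytes=48211
2024-03-01T09:01:00 proc=updatr.exe dst=203.0.113.5:443 bytes=312
2024-03-01T09:01:41 proc=browser.exe dst=198.51.100.20:443 bytes=9021
2024-03-01T09:02:00 proc=updatr.exe dst=203.0.113.5:443 bytes=309
2024-03-01T09:02:07 proc=browser.exe dst=198.51.100.44:443 bytes=120034
2024-03-01T09:03:00 proc=updatr.exe dst=203.0.113.5:443 bytes=311
2024-03-01T09:04:00 proc=updatr.exe dst=203.0.113.5:443 bytes=310
2024-03-01T09:05:00 proc=updatr.exe dst=203.0.113.5:443 bytes=313
2024-03-01T09:05:30 proc=browser.exe dst=198.51.100.20:443 bytes=7730
"""


def parse_log(text):
    """Return a list of (timestamp, process, destination, bytes) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole review
        events.append((datetime.fromisoformat(m["ts"]), m["proc"], m["dst"], int(m["bytes"])))
    return events


def find_beacons(events, min_connections=5, max_jitter=0.2):
    """Return {(process, destination): mean interval in seconds} for regular flows.

    A flow is reported when it has at least min_connections connections and the
    spread of its inter-connection gaps (standard deviation divided by the mean)
    is at most max_jitter, i.e. the connections arrive on a near-fixed schedule.
    """
    by_flow = defaultdict(list)
    for ts, proc, dst, _ in events:
        by_flow[(proc, dst)].append(ts)
    beacons = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[flow] = mean
    return beacons


if __name__ == "__main__":
    for (proc, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{proc} -> {dst}: regular check-in every {interval:.0f}s, review and block")
```

The thresholds are the design choice to tune: a very low jitter bound catches naive fixed-interval beacons like the one in the sample, while real malware often adds random delay, so production monitoring loosens the bound and adds other signals (constant payload size, off-hours activity, unknown destinations). The output is a review list, not an automatic block, which matches the text's advice to inspect the alert before blocking the program or port.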