Monday mornings I'm on the air sharing more stories about how people are living better through computers. I'll tuck field notes from those shows right here. You'll also be able to dig into the archives to explore previous shows as I determine how best to share some of the highlights of the past 8 years' worth of adventures.
Monday, January 21, 2008
Canadians have been waking up to find that one of the most problematic viruses ever has arrived in their own back yard, and that it's posing a troublesome and rather unconventional threat to their bank accounts.
"silentbanker" is a "sleeper" virus used to launch a "man-in-the-middle" attack. Like most spyware, it's designed to record your keystrokes, capturing things like passwords and personal information, but this one is much more insidious than traditional malware. Cultivated by tech-savvy criminal gangs for the purpose of draining bank accounts, it's one of the most sophisticated computer viruses ever released, and it continues to evolve at the hands of professional software developers, afflicting more than 400 banking sites in Canada in the past week.
What's Different About this Virus?
- It doesn't use the conventional methods of phishing and scamming through redirection to a bogus web site. This virus actually operates as a "middle man" between your computer and your legitimate banking site, stealing the information that you type in when checking your accounts and processing transactions.
- This virus is not rogue code created by an individual and released in the wild. It's sophisticated software being manned and operated by a group of computer professionals, who continue to evolve it and use the information stolen to drain your bank account.
- This virus can be picked up unknowingly from "safe" web sites. Viruses, spyware and other malware often hop on board as hidden payload through porn sites, screensaver downloads and music downloads. That is not the case with this offender. It has embedded itself into traditionally safe web sites, making it harder to prevent infection, and has now started to arrive in email.
How Can You Tell if Your Computer is Infected with this Virus?
- Scan using a reputable, up-to-date antivirus program. Symantec's "Norton Antivirus" is one that will catch it (and prevent it from ever hopping on board your system in the first place).
- When interacting at your banking web site, there won't be a lot of clues that anything is out of line. However, this virus sometimes installs a "security" button on the site. If you see one, that should be a cue to suspect infection, and to avoid doing anything further on your bank website through your computer until you scan it.
How Can You Protect Yourself from Getting This Virus?
- Be sure to use reputable antivirus/antispyware/security software.
- Keep it up-to-date.
- Check for upgrades to your Windows operating system, applying critical patches.
- Create frequent "restore points" so that if your computer does become infected you can "roll it back" to a clean point.
- Download the free Ad-Aware spyware detection utility from Lavasoft.
- Install the free McAfee Site Advisor to help discern which web sites are safe and which are not. It not only offers easy visual cues as you visit individual web sites, but even works as part of your favourite search engines to highlight "safe" search results.
- Consider using "Firefox" instead of MSIE (Microsoft Internet Explorer) as a browser. Many exploits are designed to target the IE browser. Mozilla's "Firefox" has a handful of excellent add-ons to help shore up security while still offering compatibility with web sites designed to work best in MSIE.
What Do You Do if You Find You Have It?
- If you have Norton Antivirus by Symantec, and you've kept it up-to-date, it's equipped to deal with it. It should detect the virus and future variants as soon as they land on your digital doorstep. However, there is a team of software professionals behind this particular virus, constantly evolving it, so it's possible it will morph into something that escapes the detection of industry standard tools for a brief time. The best defense is vigilance.
- If you do find that this virus has infected your system, and you are unable to remove it, there are several excellent web sites that offer free and very detailed technical support. You can download troubleshooting tools, ask questions and get very detailed instructions on removing even the most stubborn infections from your system and repairing the damage they've done. Here are a few of my personal favourites:
* http://www.techsupportforum.com
* http://www.security-forums.com