The virus that allows hackers ING customers via internet banking money to make, shows the well-known trojan SpyEye. The malware is not detected by many virus scanners, report led with the trojan have experienced.
It is unclear how many victims of the hackers have created with their virus: both the ING bank and the Dutch Association of Banks do not comment on. A spokesman of the NVB says that banks are familiar with the malware: “That has existed for longer and is always more sophisticated.” The conscious trojans appear to be the last time, indeed, more in ING customers, it was found during a belrondje that Tweakers.net did under repair. There are no indications that the virus in addition to ING other banks affected.
A lot of people have as a result of a call under the article on Thursday about this topic, reported to the editors of Tweakers.net. From an anthology of the reactions show how the virus works: after users log in to My ING, they get an overlay on the screen that prompts for authentication with a TAN-code. Then they get that tancode also sent per sms. Observant users will see that in that text you have a amount of 90 percent of the balance. That goes sometimes for thousands of euros.
The transaction is already created automatically in the background, while the TAN-code allows for the verification. In one way or another, seems the trojan has managed to succeed for the transaction to hide in the overview. How SpyEye on pc’s, is unknown. The trojan can be controlled from a command&control server, which is normally used to botnets to send.
Attackers have a license taken on the banks targeted, the malware SpyEye, which is the source code a few days ago uitlekte. The trojan is difficult to remove, because according to an insider recently, mostly through a rootkit installed on the system, presumably Mebroot. Then the user can not do much else than a expert enable or hard disk wiping. Anti-virus the malware because the rootkit are unable to remove. It can, for example, the Cleaner of ING Bank the malware detect. According to many users see a lot of well-known virus scanners, such as McAfee, the malware not.
It is not uncommon for attackers to get started with SpyEye, says Joost Bijl of Fox-IT. “Who wants to may a license to take on SpyEye and adapt to the bank in question.” The fraud cases came in the publicity when a Walloon newspaper Thursday published about the malware that customers affected would have. Banks in both the Netherlands and Belgium to compensate for the amount of people by the virus lose.
