On-Line Russian Banking Hackers Steal Millions...

Zeus isn't just in Russia: billions have been and are being stolen from the USA, from computers like yours and mine. I found various tools: old but not forgotten, new, and some cutting-edge to protect your machine from on-line banking hackers.

 This was the largest theft ever, according to the show "Rock Center/Brian Williams." Some of the fixes we already knew - the safest way for on-line banking has always been to buy a cheap laptop just for bank use. Period. No email - no downloads. (The theft was accomplished by a virus or worm called "Zeus" which acts by copying everything you type, and watching where you go. To a bank? It alerts the hacker, and the deed is done.) Using an Ubantu virtual machine also nails the bug and will shortly be discussed in detail.

These viruses are like cancer or the common cold: with all the annual research funds pouring into them, we should have the ability to quickly detect the fix for any bug, including Zeus (which attacks via the standard methods: emails, attachments, downloads.)

Ways to Prevent Malware and On-line Robbery

Other than buying a new computer, I thought of one simple way to stop the thieves: type your passwords into a grocery list, then copy/paste when needed. Presto, no keystrokes into your banking program.

Of course virus scanners are of some help; any of the top ones work equally well. AVG (free version also,) Norton (not a personal fav as it's a nightmare to uninstall,) and McAfee will locate and eradicate most beasties. On PcMag's site - one of the best tech review sites - Norton Antivirus and Webroot SecureAnywhere Antivirus are scored the highest for 2012 in this article.

Hackers response to Zeus

Using some of my more unconventional sources, I located an overseas hacker's chat (it was not unlike entering the CIA's site!) Once the simple, coal-black screen appeared, I simply mentioned Zeus and the screen lit up.

"This ain't typical malware - way too sophisticated. It actually modifies itself from install to install on people's machines. Most anti-virus programs don't pick it up all the time, but investing in one like Kepersky [didn't fare well on the PcMag tests] will help."

A bunch of Kaspersky posts followed. Evidently it has a 'virtual keyboard,' or a picture of one where you click letters on your screen instead of typing: the hackers laughed at that. "Stop us from capping your keystrokes, we'll cap your screen too!"

Having done a bit of research, I offered one solution: "I heard that if you frequently check your balance, you'll be a lot safer?" It makes sense: if your balance suddenly changes, something is awry. Right?

"Wrong," two hackers responded at once. "There are bugs out there like the one that caps your virtual keyboard -- they cap your balance screen -- whenever you think you're checking it, up pops that screen cap."

Hell. Hadn't thought of that one. "How about my password idea (saving it in a grocery list, copy/pasting?)"

"Girl, your info is all over that puter. SS #s, passwords, banking info - you wouldn't believe some of the spots they hide in." He mentioned "Identity Finder," which scans a Mac or PC (free!) for any of that data no matter where it is, then gives you the option to shred or encrypt it.

Ubuntu machine

The hackers all agreed on one solution: the ultimate response to the Zeus threat is the Ubuntu machine, a virtual machine product. Sometimes it's offered directly from your bank, free. Go to your bank's site and search for it. (A virtual machine is like a computer embedded within your computer's software.) Other OS's such as Linux can be installed on it... Linux is far safer than Windows for a variety of reasons. I believe the major one is the sheer number of Windows machines vs a relatively tiny number of machines running Linux. Why purchase a fly swatter that only kills a certain rare, tropical bug when you can get one that kills so many normal flies?

Maybe all this was like the little boy calling wolf: some of my research was more than a year old, positively antediluvian in the hi tech world. One way to find out.

I called my bank and told them I run AVG, am I safe accessing their online banking features? The response didn't give me the warm fuzzies. "Banking on your home PC is asking for trouble. Either use a dedicated machine or a self-booting CD-ROM running Ubuntu with Linux   and Firefox. Run Firefox (configured to access your bank) on boot. Everything will be done within that CD, avoiding the common downfalls of PC banking."

You can order a copy of the free Ubuntu Desktop Edition selt-booting CD  and try it for your online banking: I was told that several YouTubes describe the set-up process in detail.

Any questions? Joker's Tech Forum has answers.

 Gee, I feel safer already. How about you?