On-Line Russian Banking Hackers Steal Millions...

By Jokerette
March 22, 2012

I found some tools: old but not forgotten, new, and some cutting-edge to protect your machine from on-line banking hackers.

This was the largest theft ever, according to the show "Rock Center/Brian Williams." Some of the fixes we already know - the safest way for on-line banking is to buy a cheap laptop just for bank use. Period. No email - no downloads. (The theft was accomplished by a virus or worm called "Zeus" which acts by copying your keystrokes and logging your locations. Hit your bank? Zeus alerts the hacker, and the deed is done.) Using the Ubuntu virtual machine also prevents the bug and will shortly be discussed in detail.

These viruses are like cancer or the common cold: with all the annual research funds sunk into them, they should have the ability to quickly detect the fix for any bug, including Zeus (which attacks via the standard methods: emails, attachments, downloads).

Ways to Prevent Malware and On-line Robbery

Other than buying a new computer, one easy way to stop the thieves is so simple I can't believe it wasn't suggested on that show: type your passwords into a grocery list, then copy/paste when needed. Presto, no keystrokes into your banking program.

Of course virus scanners are of some help; any of the top ones work equally well. AVG (free version also), Norton (not a personal fav as it's a nightmare to uninstall), and McAfee will locate and eradicate most beasties. PCMag, one of the best tech review sites, scored Norton Antivirus and Webroot SecureAnywhere Antivirus the highest for 2012. Webroot earned a perfect score on their malware-blocking test against the previous sample set. Norton did better on the current one due to Webroot's nontraditional methods.

Hackers' Response to Zeus

Using some of my more unconventional sources, I located an overseas hacker's chat (it was like entering the CIA's site to get in!) Once the simple, coal-black screen appeared, I just mentioned Zeus and the screen lit up.

"This ain't typical malware - way too sophisticated. It actually modifies itself from install to install on people's machines. [This means every time it finds itself on a new computer, it recreates part of its own code.] Most anti-virus programs don't pick it up all the time, but investing in one like Kaspersky [didn't fare well on the PCMag tests] will help."

A bunch of Kaspersky posts followed. Evidently it has a 'virtual keyboard,' or a picture of one where you click on letters instead of typing: the hackers laughed at that. "Stop us from capping your keystrokes, we'll cap your screen too!"

Having done a bit of research, I offered one solution: "I heard that if you frequently check your balance, you'll be a lot safer?" It made sense: if your balance suddenly changed, something went awry. Right?

"Wrong," two hackers responded at once. "There are bugs out there like the one that caps your virtual keyboard: they cap your balance screen. Whenever you think you're checking it, up pops that screen cap."

Hell. Hadn't thought of that one. "How about my password idea (saving it in a grocery list, copy/pasting?)"

"Girl, your info is all over that puter. SS #s, passwords, banking info - you wouldn't believe some of the spots they hide in." He mentioned "Identity Finder," which scans a Mac or PC (free!) for any of that data no matter where it is, then gives you the option to shred or encrypt it.

Ubuntu Machine

The ultimate response to the Zeus threat, this virtual machine product is sometimes offered directly from your bank FREE. Go to your bank's site and search for it. BTW a virtual machine is like a computer embedded within your computer: all done in RAM, methinks. It runs on Linux (another operating system like Windows, much more powerful and safe, but more techie-oriented). You can install Linux on this virtual machine.

I called my bank, told them I run AVG, and asked whether I am safe accessing their online banking features. The response didn't give me the warm fuzzies. "Banking on your home PC is asking for trouble. Either use a dedicated machine or a self-booting CD-ROM running Ubuntu Linux (free) and Firefox. On boot, have Linux run Firefox (which should have been configured to access your bank). Everything will be done within that CD, avoiding the common downfalls of PC banking."

You can order a copy of the free Ubuntu Desktop Edition self-booting CD and try it for your online banking: I was told that several YouTube videos describe the set-up process in detail, and it's certainly not trivial.

Any questions? Joker's Tech Forum has answers.