back to article ZeuS attacks mobiles in bank SMS bypass scam

Security researchers have warned that cybercrooks might be able to compromise online bank accounts even in cases where banks use SMS messages to authorise transactions. The approach relies on first compromising a targeted user's computer using a variant of the ZeuS banking Trojan before infecting the same user's smartphone. …

COMMENTS

This topic is closed for new posts.
Stop

Oh stop scaring people.

Until it happens, fuck off.

Stupid fricking idiots. Shouting about it will make it worse not better.

0
0
Happy

yay!

maybe my bank will abandon this infuriating check system, which annoyingly is sprung on me in a purely arbitrary fashion.

Stoopid system caught me off-guard (battery failure on mobile) and left me unable to order a pizza online when stuck in work late one night :'(

0
0
Bronze badge

Symbian Signed details are?

The described Symbian S60 app has to be Symbian Signed for this to work. What are they, is the app signed by Nokia itself using their latest free signing program, is it done by the Symbian Signed website, and how could an app named like that pass signing criteria?

0
0
FAIL

@ Real Name

Good plan, ignore it and perhaps it'll go away.

1
0

Title

I see. What else do you need to get infected/affected? It also requires that planets are in alignment, your grandma is Elvis Presley's niece, you have a dog called Shakira, and your house is painted in stripes of peachy orange and blue apples. Oh well, clearly we should all watch out for this one.

Maybe they should design a virus which targets individuals called Simon, who live on Mars and drive a lettucemobile.

0
0
Stop

Umm...

Zeus infected systems probably number in the millions by now. The latest Twitter thing was installing Zeus via a drive-by-download. Zeus is freaking everywhere now. Stop what you are doing, and update your system. You wouldn't believe the pages of alerts I get every day from customer systems infected with Zeus.

Now Zeus just needs to be spread to your phone, and you are completely screwed. So, no, not a good idea for you bank to drop the SMS confirmations, because without the SMS check, your account would already be empty.

0
0

RSA keyfobs

really just use RSA keyfobs that make the numbers that are valid for 30 secs or Both 3 levels of security for the stupid that like to run keylogers on there pcs

1
0
Silver badge
Unhappy

"liable to be in for all sorts of trouble"

Please explain what bank doesn't question the honesty / veracity / sanity of ANYONE questioning a banks security.

The banks programmers and web sites are invincible. Or hadn't you heard?

So says the HSBC who has has web site defamation before.

2
0
Linux

It wasn't this one but acquaintance had her bank account cleaned out

She did online banking and one day discovered she had a $10 balance when it should have been much more. The bank had sent all of her money to somewhere in Australia.

Haven't heard if she was successful in getting any kind of restitution but likely not since the route was probably through a key logger on her home PC.

These things happen and this sounds like it was targeting business bank accounts rather than personal.

Leexgx is right - RSA key fobs can help to make theft more difficult instead of using a communications channel that can be compromised. Luckily my bank offered them for free but they have made it much more limited (business customers) due to lack of interest. Regular customers (maybe businesses too) now have to pay for the RSA keys.

0
0
This topic is closed for new posts.

Forums