ZeuS attacks mobiles in bank SMS bypass scam

Security researchers have warned that cybercrooks might be able to compromise online bank accounts even in cases where banks use SMS messages to authorise transactions. The approach relies on first compromising a targeted user's computer using a variant of the ZeuS banking Trojan before infecting the same user's smartphone. …

COMMENTS

This topic is closed for new posts.
  1. Real Name
    Stop

    Oh stop scaring people.

    Until it happens, fuck off.

    Stupid fricking idiots. Shouting about it will make it worse not better.

  2. Anonymous Coward
    Happy

    yay!

    maybe my bank will abandon this infuriating check system, which annoyingly is sprung on me in a purely arbitrary fashion.

    Stoopid system caught me off-guard (battery failure on mobile) and left me unable to order a pizza online when stuck in work late one night :'(

  3. Sander van der Wal

    Symbian Signed details are?

    The described Symbian S60 app has to be Symbian Signed for this to work. What are they, is the app signed by Nokia itself using their latest free signing program, is it done by the Symbian Signed website, and how could an app named like that pass signing criteria?

  4. Anonymous Coward
    FAIL

    @ Real Name

    Good plan, ignore it and perhaps it'll go away.

  5. xj25vm

    Title

    I see. What else do you need to get infected/affected? It also requires that planets are in alignment, your grandma is Elvis Presley's niece, you have a dog called Shakira, and your house is painted in stripes of peachy orange and blue apples. Oh well, clearly we should all watch out for this one.

    Maybe they should design a virus which targets individuals called Simon, who live on Mars and drive a lettucemobile.

  6. Tom Samplonius
    Stop

    Umm...

    Zeus infected systems probably number in the millions by now. The latest Twitter thing was installing Zeus via a drive-by-download. Zeus is freaking everywhere now. Stop what you are doing, and update your system. You wouldn't believe the pages of alerts I get every day from customer systems infected with Zeus.

    Now Zeus just needs to be spread to your phone, and you are completely screwed. So, no, not a good idea for your bank to drop the SMS confirmations, because without the SMS check, your account would already be empty.

  7. leexgx

    RSA keyfobs

    really just use RSA keyfobs that make the numbers that are valid for 30 secs or both 3 levels of security for the stupid that like to run keyloggers on their PCs

  8. JaitcH
    Unhappy

    "liable to be in for all sorts of trouble"

    Please explain what bank doesn't question the honesty / veracity / sanity of ANYONE questioning a bank's security.

    The banks' programmers and web sites are invincible. Or hadn't you heard?

    So says the HSBC who has had web site defamation before.

  9. Robert 36
    Linux

    It wasn't this one but an acquaintance had her bank account cleaned out

    She did online banking and one day discovered she had a $10 balance when it should have been much more. The bank had sent all of her money to somewhere in Australia.

    Haven't heard if she was successful in getting any kind of restitution but likely not since the route was probably through a key logger on her home PC.

    These things happen and this sounds like it was targeting business bank accounts rather than personal.

    Leexgx is right - RSA key fobs can help to make theft more difficult instead of using a communications channel that can be compromised. Luckily my bank offered them for free but they have made it much more limited (business customers) due to lack of interest. Regular customers (maybe businesses too) now have to pay for the RSA keys.
