NEW YORK (MainStreet) — Cyber security experts are sounding an alarm and, wake up, your online banking account may be at high risk. The weapon of the moment: Dyre, slick malware that, said security firm Symantec in a recent white paper, is capable of attacking the three main Windows web browsers (Internet Explorer, Chrome and Firefox) “in order to steal credentials.”
Already over 1 million bank accounts are believed to have been stolen worldwide by Dyre, said experts. Symantec now characterizes it as “the most dangerous financial Trojan.”
Here is how it works: Dyre sees that a victim is about to log into a bank site. It intercepts the request and redirects the victim to a bogus site designed to look exactly like the real banking site. The victim is prompted to log in and, as he does, the credentials are snagged. Then, usually, Dyre redirects the victim to the real site in order to minimize suspicion.
Sound bad? It gets worse. Symantec claims that it has found evidence of over 1,000 counterfeited sites. It added: “The list of targets is dominated by banks and it includes some of the world’s most well-known institutions.” Quite probably your bank is on the list.
Aren’t shoddy website ripoffs a tip-off that something hinky is happening? It used to be the case that, yes, scam websites shrieked knockoff, but Trend Micro spokesperson Christopher Budd said that with Dyre the counterfeits in many cases today look good.
Trend Micro, too, is raising warnings about Dyre. Budd told TheStreet that his company has seen a 125% increase in Dyre attacks quarter on quarter, with most of the attacks focused on Europe and North America. But attacks in Asia are on the rise, he said.
“Online banking is increasingly attractive to criminals,” said Budd.
As for why Dyre has suddenly emerged as the primary threat to online banking, the irony is that it is the beneficiary of successful law enforcement takedowns of large criminal botnets (zombie computer armies) that spread Gameover Zeus and Ramnit, which had been the primary attacks on online banking. With them out of action, cyber criminals shifted energy, and many threw their muscle behind Dyre.
How does Dyre get onto a computer? Most cases trace back to emails sent out by cyber criminals that include a link to what purports to be a YouTube video, perhaps a Zip file, a fax or a voice mail, or maybe just a link to an infected website. Click on that link and a very small file called Upatre (38 KB) downloads to the victim’s computer. Its mission is to download additional malware, namely Dyre itself. All this happens in fractions of a second.
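Two of the warning signs described above, a link whose visible text names the real bank while the target is a lookalike site, and a link that fetches an archive like the Zip files used to deliver Upatre, can be screened for before anyone clicks. The following is an added example written for this article, not code from Symantec, Trend Micro or the article's author; the bank domain allow-list and the sample email are constructed for illustration, and the two-label "registrable domain" rule and the edit-distance threshold are simplifying assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list of legitimate banking domains (constructed for this example).
KNOWN_BANK_DOMAINS = {"examplebank.com", "firstnational.example"}

# File types that an email link should almost never fetch directly.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".js")

# Constructed sample email body: one lookalike bank link, one archive link, one clean link.
SAMPLE_EMAIL = """
<p>Your check bounced. Review it at
<a href="http://examp1ebank.com/login">https://examplebank.com/login</a>.</p>
<p>Your fax: <a href="http://files.example.net/fax_0042.zip">View fax</a></p>
<p>Our site: <a href="https://www.examplebank.com/">examplebank.com</a></p>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def levenshtein(a, b):
    """Plain edit distance; small distances from a bank domain suggest a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Assumption: the last two labels identify the owner (ignores multi-part TLDs)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(href, text):
    """Return a list of human-readable reasons a link looks suspicious (empty if none)."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    target = registrable_domain(host)

    # 1. The visible text names a domain, but the link actually goes somewhere else.
    shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    if shown and registrable_domain(shown.group(1)) != target:
        reasons.append(f"text shows {registrable_domain(shown.group(1))} but link goes to {target}")

    # 2. The destination is a near-miss of a known bank domain, or embeds the bank's name.
    for bank in sorted(KNOWN_BANK_DOMAINS):
        if target == bank:
            continue
        if levenshtein(target, bank) <= 2:
            reasons.append(f"{target} is a lookalike of {bank}")
        elif bank in host:
            reasons.append(f"{host} embeds {bank} inside an unrelated domain")

    # 3. The link fetches an archive or executable rather than a web page.
    if parsed.path.lower().endswith(RISKY_EXTENSIONS):
        reasons.append(f"link downloads a {parsed.path.rsplit('.', 1)[-1]} file")
    return reasons


def screen_email(html):
    """Return [(href, reasons), ...] for every link in the email body, in document order."""
    extractor = _LinkExtractor()
    extractor.feed(html)
    return [(href, classify_link(href, text)) for href, text in extractor.links]


if __name__ == "__main__":
    for href, reasons in screen_email(SAMPLE_EMAIL):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href}")
        for reason in reasons:
            print(f"           - {reason}")
```

Run against the constructed email, the first link is flagged twice (text/target mismatch and a one-character lookalike of the bank domain), the fax link is flagged for fetching a Zip file, and the genuine bank link passes. The allow-list is the weak point of this approach: it only catches lookalikes of domains you have told it about, which is why the article's advice to type the bank's address yourself rather than follow any emailed link still applies.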
Identity theft expert Robert Siciliano added that Dyre is smart. “Once launched it is designed to shut down firewalls and security defenses,” he said. “The malware is advanced enough that it often goes undetected.”
Adding yet another layer of evil, many Dyre variants also enlist the infected computer into a botnet, where it is put to work sending out many more spam emails designed to infect the unwary with Dyre.
Here’s the money question: how do you avoid getting Dyre? For starters, it now seems focused on Windows computers. Mac and Chromebook users cannot assume immunity, but Windows users need to proceed with real caution because they are the targets.
Beyond that, suggested Trend Micro’s Budd, stay up to date on patches, run quality security software and, perhaps above all, “exercise extreme caution in clicking on links and attachments.” The last is perhaps the most critical, but also the hardest. Do you click on the attachment that purports to be unpaid New York City parking tickets, or that claims to be FedEx with info on an undeliverable package, or do you delete them?
Budd’s shrewd advice is that, where possible, you ignore the email and go directly to the sender’s website. Your bank said you bounced a check? Don’t open the attachment; go to the website directly, and the pertinent info will be there.
And if you have any suspicion that you have Dyre on your system, use your mobile phone to surf to the site. Mobiles, stressed experts, are not infection free, but they remain a hard target for many malware developers. Either way, you avoid a lot of Dyre bad news by going directly to the source. That’s expert counsel. Follow it.
This article is commentary by an independent contributor. At the time of publication, the author held TK positions in the stocks mentioned.