Different types of Computer Virus


What is Trojan?

A Trojan is a program which often looks like a legitimate program such as a game or utility. It travels with another program which you may download from a website or receive as an attachment in an e-mail. When executed, a Trojan gathers information about our computer (files, passwords, etc.) without our knowledge and transmits this information back to the fraudster who sent the Trojan.

At times, this virus is designed specifically to capture credit card related data and build a mini-database at a pre-decided location for misuse by fraudsters.

In extreme cases, Trojan can also give the fraudster complete access to our computer without our knowledge. Once this type of Trojan has been installed on our computer, the attacker can access and use our computer as if they were the real owner!

A sample of the pop-up appearing on the infected screen is given below.


What is Spyware?

Spyware gathers personal information from our computer or information related to our activity on the Internet and sends the information without our knowledge to fraudsters.

How does a Trojan or Spyware program get on the computer?

Trojans and spyware are often hidden inside other computer programs. They are commonly hidden inside software such as:

  • Screen savers
  • Time and date updaters
  • Custom cursors (mouse pointers)
  • Weather updaters
  • Browser toolbars
  • Internet games
  • Online word documents
  • Excel based documents

What is Malware?

Malware is primarily designed to infiltrate systems and access the information stored on them for criminal, commercial or destructive purposes.

Malware varies greatly in both form and functionality. Some malware is used to steal information such as credit card numbers, identities or sensitive business information from the computer it infects. Other malware may take over our computer and use it for attacking other systems. Alternatively, the malware may just be malicious, with the sole purpose of destroying or corrupting information on your computer.


How does Malware spread?


Malware is often present in e-mail attachments, and/or can be automatically downloaded and installed on your computer when you click on links within e-mails.



Malware can be inadvertently downloaded from websites, or automatically downloaded while visiting some websites.



A fairly new tactic to spread malware is through the use of cleverly disguised pop-up adverts that appear as legitimate-looking "Windows" alerts or messages.


Social Networking Sites: 

Malware is increasingly spreading through social networking sites, either through dubious third-party add-on applications that users install or through web links in messages. There is a false sense of security when using these sites, so you must remain vigilant at all times.



Hiding malware inside legitimate-looking software is one of the most common ways it is spread. Peer-to-peer software and cracked or pirated software (e.g. 'warez') often facilitate the spread of malware.


Computer Media: 

Malware can be easily spread through the shared use of computer storage media such as DVDs, CDs and USB drives.


Mobile Devices: 

Malware has been known to spread through mobile devices such as cell phones. As devices become more and more like mini computers, the threat of malware on these devices will increase.


How to protect your computer from Malware?

  • Use a firewall: install and activate a personal firewall on your computer.
  • Ensure your anti-virus and spyware detection software is updated regularly; daily if possible.
  • Know what you are installing before you click 'install'.
  • Do not enter your passwords, card details and codes in pop-up windows that may appear for no reason in the midst of your activity on any website or social websites.
  • Log off from the session immediately on completing your activity.
  • Do your online shopping on known and reputed websites only.
  • Do not install any software that comes as an attachment via e-mail/web promotion.
  • Run spyware checks on your computer frequently. A weekly scan is highly recommended.
  • Never buy software in response to unexpected pop-up messages or e-mails.
  • Never click links in messages from unknown or untrusted contacts, and avoid clicking on message links sent from trusted contacts unless you are certain where they will lead you.
  • Never install unauthorized, unlicensed or unapproved software on your computer.
  • Do not insert untrusted computer media into your computer.
  • Be alert to unsolicited text or other message requests for software installs or links to unknown or untrusted locations.

ICICI Bank has strong measures to ensure the security and safety of your account. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can enjoy a safe and secure banking experience.

What is Dyre/ Dyreza?

We at ICICI Bank believe in promoting awareness amongst our customers by updating them with the latest threats and alerts associated with online banking.


Recently an alert was issued by CERT-In and US-CERT highlighting that a new banking malware known as 'Dyre/ Dyreza' was used to target customers of well-known financial institutions. The Indian Computer Emergency Response Team (CERT-In) and the United States Computer Emergency Readiness Team (US-CERT) are nodal government agencies that deal with cyber security threats in India and the United States respectively. These agencies issue alerts and advisories to update users about the latest trends in information security along with newly discovered vulnerabilities.


The alert issued mentions that since mid-October 2014, a phishing campaign has been targeting a wide variety of consumers while employing the Dyre/ Dyreza banking trojan. This campaign uses various tactics with the intent to entice recipients into opening attachments and downloading malware. Most of the popular banks' customers are targeted with such e-mail attacks.


How does a Dyre/ Dyreza malware reach your system?

The malware propagates by using social engineering techniques (phishing) or by means of spam e-mails. These e-mails pretend to be genuine e-mails received from a financial institution and contain either a ZIP file or a PDF document as an attachment. The ZIP file contains the Dyreza malware, which installs itself on the target system when executed.


The e-mails that were commonly observed to be sent to spread the malware used the following patterns and characteristics:

  • Subject line: "Unpaid invoic" (Spelling errors in the subject line are a characteristic of this campaign)
  • Attachment name resembling Invoice621785.pdf
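
The two characteristics listed above can be turned into a simple mail-triage check. The following is an added example, not code from the CERT alert or from the bank; the regular expressions (any digits after "Invoice", a .pdf or .zip extension), the `triage` policy and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Patterns taken from the alert text above; the regex generalisation
# (any digits, .pdf or .zip) is an assumption of this example.
SUBJECT_RE = re.compile(r"unpaid\s+invoic", re.IGNORECASE)
ATTACH_RE = re.compile(r"^invoice\d+\.(pdf|zip)$", re.IGNORECASE)


def dyre_indicators(raw: str) -> list[str]:
    """Return the campaign indicators found in one raw e-mail message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-word subjects before matching.
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    # walk() also reaches attachments nested inside multipart containers.
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if ATTACH_RE.match(name):
            hits.append("attachment:" + name)
    return hits


def triage(raw: str) -> str:
    """Hypothetical policy: two indicator kinds quarantine, one needs review."""
    kinds = {h.split(":")[0] for h in dyre_indicators(raw)}
    return {0: "pass", 1: "review"}.get(len(kinds), "quarantine")


def build_sample(subject: str, filename: str) -> str:
    """Constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "billing@example.invalid"
    m["To"] = "customer@example.invalid"
    m["Subject"] = subject
    m.set_content("Please find the invoice attached.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, fname in [("Unpaid invoic", "Invoice621785.pdf"),
                        ("Your monthly statement", "statement.pdf")]:
        print(subj, "->", triage(build_sample(subj, fname)))
```

A match on these strings only narrows down what to look at; a campaign can change its subject line and file names at any time, so the check complements attachment scanning and does not replace it.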


What are the impacts of this malware?

Dyreza attaches itself to your Internet browser, intercepting any information visible in the browser, including your user ID credentials and passwords.

  • Attempts to take your passwords or account/ card details of online services, including banking services
  • Bypasses your secure browser protection settings
  • Captures your keystrokes (while entering passwords)
  • Intercepts your browsing activities and communicates the same to the miscreants


What are the symptoms of being infected with Dyreza?

Following are the symptoms you will observe if your computer is infected with Dyreza or similar malware:

  • Slows down, crashes or displays repeated error messages
  • Will not shut down or restart
  • Unintended downloads/ unexpected flow of pop-ups
  • Displays web pages you did not intend to visit or sends e-mails you did not write (you may check your sent items for this). Once you realise you are affected by malware, change your banking or e-mail passwords immediately using an uninfected system.
  • New and unexpected icons in your shortcuts or on your desktop
  • Your laptop battery drains more quickly than it should


How should one be safe from such malware?

In order to be safe from such fraudulent attacks, you need to be aware of them. It is recommended to take the following preventive measures to protect your computer networks from phishing campaigns:

  • Do not follow unsolicited web links in e-mail
  • Use caution when opening e-mail attachments
  • Follow safe practices when browsing the web
  • Install a reputed and paid anti-virus
  • Keep your anti-virus up-to-date
  • Keep your operating system and software up-to-date with the latest updates

What is Key-logger?

A key-logger is a device (physical device, hardware) or a computer program (software) which is secretly connected to or downloaded onto a computer. The aim of this device/program is to record all keystrokes that are generated from a keyboard. The keystrokes are secretly recorded without the user's knowledge and are viewed by the fraudsters. Usually, the person who has installed the key-logger can retrieve the record by pressing a combination of keys simultaneously and/or by providing a secret password. In some cases, the key-logger can also transmit the details of the record remotely by using e-mail, Bluetooth signals or other methods.


How can your computer get infected by a Key-logger?

  • A person you know might install one on your computer while you are not watching.
  • By using an infected USB device.
  • By downloading cracks or keygens (key generators) from the Internet. These files often contain viruses or key-loggers.
  • By installing games or software from unknown publishers.
  • By downloading and installing programs from torrents.
  • By visiting a website that exploits some browser vulnerability. This usually happens when you are using an outdated browser, have outdated plugins in a browser, or your operating system is not up-to-date with the latest security patches.


Safety Tips against Key-loggers

Use a virtual Keyboard

To protect against both key-logging software and hardware, use a virtual keyboard. A virtual keyboard is a program that shows a keyboard on the screen, and the keys can be 'pressed' by using a mouse. If your Internet Banking login screen has a virtual keyboard, it is highly recommended to always use it.


Use a firewall always 

Most key-logger software transmits an "I am alive" message as well as the recorded keystrokes to the bot handler. To detect this, install a personal firewall on your PC and keep track of the data that is being sent by your PC to the external world. Configure an alert for whenever data is transmitted to the Internet, review each alert, and block the file or port if the data packet is suspicious.


Have a robust and updated antivirus solution running 

Most antivirus companies have already added known key-loggers to their databases, making protection against key-loggers no different from protection against other types of malicious programs. Install an antivirus product and keep its database up to date. However, since most antivirus products classify key-loggers as potentially malicious or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, the product should be configured accordingly to ensure protection against the most common key-loggers.


Check the system processes running 

At weekly intervals, check the system processes running by typing "msconfig" in your Run Command. Note down the processes that are currently running as well as the processes that are configured to start automatically when your system boots. Investigate suspicious processes, which is easier said than done! Unfortunately, malware processes are rarely named "evil keylogger.exe"! Often malware, such as key-loggers, has names that are similar to other normal processes like svchost.exe, making it difficult to distinguish between a safe process and a malicious one. Further, there are quite a few key-loggers that will not show up at all in the Task Manager process list. Nevertheless, prevention is better than cure.
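
Names that imitate svchost.exe can be caught mechanically instead of by eye. The following is an added example, not a tool referred to by this page; it goes beyond the text by also checking the folder a known name runs from. The list of system process names and folders, the distance threshold of 2 and the sample process list are assumptions of the example.

```python
from ntpath import dirname, normcase  # Windows path rules on any OS

# Well-known Windows process names and the folder each normally runs from.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_processes(procs):
    """Flag (name, reason) for lookalike names and misplaced system names."""
    findings = []
    for name, path in procs:
        lname = name.lower()
        if lname in KNOWN:
            # Exact system name: only the folder can give it away.
            if normcase(dirname(path)) != KNOWN[lname]:
                findings.append((name, "known name, unexpected folder"))
            continue
        for known in KNOWN:
            if edit_distance(lname, known) <= 2:  # threshold is an assumption
                findings.append((name, "lookalike of " + known))
                break
    return findings


# Constructed process list, as it might be exported from a process viewer.
SAMPLE = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svch0st.exe", r"C:\Users\Public\svch0st.exe"),
    ("svchost.exe", r"C:\Users\user\AppData\Roaming\svchost.exe"),
    ("scvhost.exe", r"C:\ProgramData\scvhost.exe"),
    ("chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]

if __name__ == "__main__":
    for finding in review_processes(SAMPLE):
        print(finding)
```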


Fool the Key logger – a simple way 

Type your password in a random way. Example: if your password is "your password", type "password" first, then bring the cursor to the beginning and type "your". This way you can fool key-loggers.


Just say no to freeware 

Since key-loggers can easily attach themselves to free software offered over the Internet, including free screensavers or Internet accelerators, resist the temptation to install these on your computer. Only install software from recognised vendors.


Check for Hardware Key loggers 

These are devices plugged in between the keyboard and the computer and are the easiest to find. Simply look behind the computer you are using. If you see any kind of adapter or device between the keyboard and the motherboard connector, switch the computer or the Internet cafe!


Monitor your transactions 

Review your order confirmations, Credit Card and Bank Statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any irregularities to your bank.


Avoid suspicious sites 

Do not visit suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.


Avoid using public computers

Never use computers located in public places such as Internet cafes or airport lounges for online banking.