Different types of Computer Virus

Trojan is a program which often looks like a legitimate program such as a game or utility. It travels with another program which you may download from a website or receive as an attachment in an e-mail. When executed, Trojan scan gathers information about our computer (files, passwords, etc.) without our knowledge and transmits this information back to the fraudster who has sent the trojan.

At times, this virus is designed specifically to capture credit card related data and build a mini- database at a pre-decided location for misuse by fraudsters.

In extreme cases, Trojan can also give the fraudster complete access to our computer without our knowledge. Once this type of Trojan has been installed on our computer, the attacker can access and use our computer as if they were the real owner!

A sample of the pop-up appearing on the infected screen is given below.

 

Spyware gathers personal information from our computer or information related to our activity on the Internet and sends the information without our knowledge to fraudsters.

How does a Trojan or Spyware program get on the computer?

Trojans and spyware are often hidden inside other computer programs. Trojans and spyware are commonly hidden inside softwares such as:

• Screen savers
• Time and date updaters
• Custom cursors (mouse pointers)
• Weather updaters
• Browser toolbars
• Internet games
• Online word documents
• Excel based documents

Malware is primarily designed to infiltrate systems and the access information stored on them for criminal, commercial or destructive purposes.

Malware varies greatly in both, form and functionality. Some malware is used to steal information such as credit card numbers, identities or sensitive business information from the computer it infects. Other malware may take over our computer and use it for attacking other systems. Alternatively, the malware may just be malicious, with a sole purpose to destroy or corrupt information on your computer

 

How does Malware spread?

E-mail:

Malware is often present in e-mail attachments, or/and can be automatically downloaded and installed on your computer, when you click on links within e-mails.

 

 

Pop-Ups: 

A fairly new tactic to spread malware is through the use of cleverly disguised pop- up adverts that appear as legitimate looking "Windows" alerts or messages.

 

Social Networking Sites: 

Malware is increasingly spreading through social networking sites by installing dubious 3rd party add-on applications or by web links in messages. There is a false sense of security when using these sites, so you must remain vigilant at all times.

 

Software: 

Malware located in legitimate looking software is one of the most common ways it is spread. Peer to Peer software and cracked or pirate software (e.g. 'warez'), often facilitate the spread of malware.

 

Computer Media: 

Malware can be easily spread through the shared use of computer storage media such as DVDs, CDs and USB drives.

 

Mobile Devices: 

Malware has been known to spread through mobile devices such as cell phones. As devices become more and more like mini computers, the threat of malware on these devices will increase.

 

How to protect your computer from Malware?

• Use a Firewall- Install and activate a personal firewall on your computer.
• Ensure your anti-virus and spyware detection software is updated regularly; daily if possible.
• Know what you are installing before you click 'install'.
• Do not enter your passwords, card details and codes in pop-up windows that may appear for no reason in the midst of your activity on any website or social websites.
• Log off from the session immediately on completing your activity.
• Ensure to do your online shopping on known and reputed websites only.
• Do not install any software that comes as an attachment via e-mail/web promotion.
• Run spyware checks on your computer frequently. A weekly scan is highly recommended.
• Never buy software in response to unexpected pop-up messages or e-mails
• Never click links in messages from unknown or untrusted contacts, and avoid clicking on message links sent from trusted contacts unless you are certain where it will lead you
• Never install unauthorized, unlicensed or unapproved software on your computer
• Do not insert untrusted computer media into your computer
• Be alert of unsolicited text or other message requests for software installs or links to unknown or untrusted locations

ICICI Bank has strong measures to ensure the security and safety of your account. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can enjoy a safe and secure banking experience.

We at ICICI Bank believe in promoting awareness amongst our customers by updating them with the latest threats and alerts associated with online banking.

 

Recently an alert was issued by CERT-In and US-CERT highlighting that a new banking malware known as 'Dyre/ Dyreza' was used to target customers of well-known financial institutions. Indian Computer Emergency Response Team (CERT-In) and United States Computer Emergency Readiness Team (US-CERT) are nodal government agencies that deal with cyber security threats in India and the United States respectively. These agencies issue alerts and advisories to update users about latest trends in information security along with newly discovered vulnerabilities.

 

The alert issued mentions that since mid-October 2014, a phishing campaign has been targeting a wide variety of consumers while employing the Dyre/ Dyreza banking trojan. This campaign uses various tactics with the intent to entice recipients into opening attachments and downloading malware. Most of the popular banks' customers are targeted with such e-mail attacks.

 

How does a Dyre/ Dyreza malware reach your system?

The malware propagates by using social engineering techniques (Phishing) or by means of spam e-mails. These e-mails pretend to be genuine e-mails received from a financial institution and contain either a ZIP file or a PDF document as an attachment. The zip contains Dyreza malware which installs itself on the target system on being executed.

 

The e-mails that were commonly observed to be sent to spread the malware used the following patterns and characteristics:

• Subject line: "Unpaid invoic" (Spelling errors in the subject line are a characteristic of this campaign)
• Attachment name resembling Invoice621785.pdf

 

What are the impacts of this malware?

Dyreza attaches itself to your Internet browser intercepting any information visible on the browser including your user ID credentials and passwords.

• Attempts to take your passwords or account/ card details of online services, including banking services
• Bypasses your secure browser protection settings
• Captures your keystrokes (while entering passwords)
• Intercepts your browsing activities and communicates the same to the miscreants

 

What are the symptoms of being infected with Dyreza?

Following are the symptoms you will observe if your computer is infected with Dyreza or similar malware:

• Slows down, crashes or displays repeated error messages
• Will not shut down or restart
• Unintended downloads/ unexpected flow of pop-ups
• Displays web pages you did not intend to visit or sends e-mails you did not write (you may check your sent items for this). Once you realise you are affected with a malware, change your banking or e-mail passwords immediately using an uninfected system
• New and unexpected icons in your shortcuts or on your desktop
• Your laptop battery drains more quickly than it should

 

How should one be safe from such malware?

In order to be safe from such fraudulent attacks, you need to be aware of it. It is  recommended to take the following preventive measures to protect your computer networks from phishing campaigns:

• Do not follow unsolicited web links in e-mail
• Use caution when opening e-mail attachments
• Follow safe practices when browsing the web
• Install a reputed and paid anti-virus
• Keep your anti-virus up-to-date
• Keep your operating system and software up-to-date with the latest updates

A key-logger is a device (physical device, hardware) or a computer program (software) which is secretly connected or downloaded on the computers. The aim of this device/program is to record all keystrokes that are generated from a keyboard. The keystrokes are secretly recorded without the user’s knowledge and are viewed by the fraudsters. Usually, the person who has installed the key-logger can retrieve the record by pressing a combination of keys simultaneously and/or by providing a secret password. In some cases, the key-logger can also transmit the details of the record remotely by using e-mail, Bluetooth signals or other methods.

 

How can your computer get infected by a Key-logger?

• A person you know might install one on your computer while you are not watching.
• By using an infected USB device.
• From downloading cracks or Keygens (key generator) from the internet. These files often contain viruses or Key loggers.
• By Installing games or software from unknown publishers.
• From Downloading and Installing programs from torrents.
• By visiting a website that exploits some browser vulnerability, this usually happens when you are using an outdated browser or have outdated plugins in a browser, or your operating system is not up-to-date with the latest security patches.

 

Safety Tips of Key-logger

Use a virtual Keyboard

To protect against both Key logging software and hardware, use a virtual keyboard. A virtual keyboard is a program that shows a keyboard on the screen, and the keys can be ‘pressed’ by using a mouse. If your Internet Banking login screen has a virtual keyboard, it is highly recommended to use it always.

 

Use a firewall always 

Most Key logger software transmit an “I am alive” message as well as the recorded keystrokes to the bot handler. To detect this, install a personal firewall on your PC and keep a track of the data that is being sent by your PC to the external world. Configure an alert whenever any data is being transmitted to internet, review the alert and block the file or port if it is a suspicious data packet.

 

Have a robust and updated antivirus solution running 

Most antivirus companies have already added known Key loggers to their databases, making protecting against Key loggers no different from protecting against other types of malicious programs. Install an antivirus product and keep its database up to date. However, since most antivirus products classify Key loggers as potentially malicious, or potentially undesirable programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not, then the product should be configured accordingly, to ensure protection against most common Key loggers.

 

Check the system processes running 

At weekly intervals check the system processes running by typing “msconfig” in your Run Command. Note down the processes that are currently running as well as the processes that are configured to automatically Start when your system boots. Investigate suspicious processes – which is easier said than done! Unfortunately, malware processes are rarely named “evil keylogger.exe”! Often malware, like Key loggers, have names that are similar to other normal processes like svchost.exe, making it difficult to distinguish between a safe process and a malicious one. Further there are quite a few Key loggers that will not show up at all in the Task Manager process list. Nevertheless, prevention is better than cure.

 

Fool the Key logger – a simple way 

Type your password in a random way. Example: if your password is “your password”: Type “password” first then bring cursor to beginning, type "your".  This way you can fool Key loggers.

 

Just say no to freeware 

Just say no to "freeware" Since Key loggers can easily attach themselves to free software offered over the Internet, including free screensavers or Internet accelerators, resist the temptation to install these on your computer. Only install software from recognised vendors.

 

Check for Hardware Key loggers 

These are devices plugged between the keyboard and the computer and are most easy to find. Simply look behind the computer you are using. If you see any kind of adapter or device between the keyboard and the motherboard connector – switch the computer or the Internet Cafe!

 

Monitor your transactions 

Review your order confirmations, Credit Card and Bank Statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any irregularities to your bank.

 

Avoid suspicious sites 

Do not visit suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.

 

Avoid using public computer 

Never use computers located in public places such as Internet cafes or airport lounges for online banking.

 

Ransomware is malicious software that is used by cybercriminals to launch data kidnapping and lock screen attacks. If a computer is impacted with ransomware, it will render the files on your computer encrypted and it will prompt you to pay a ransom when you try to open any of those files.

 

How is Ransomware spread?

 

Email: Cybercriminals are notorious for including malicious attachments and links in e-mails that appear to come from friends, reputed organisations, or other trusted sources. Some malicious e-mails can even infect your computer from the e-mail client’s preview pane, without you opening or downloading an attachment or a link.

 

Websites: Ransomware can be inadvertently/unintentionally downloaded from websites, or automatically downloaded while visiting some websites.

 

Outdated software: Ransomware crawls the Internet, looking for vulnerabilities of outdated software to spread its influence over computer systems.

 

Local Area Networks (LANs): A LAN is a group of locally connected computers that share information over a private network. If one computer becomes infected with malware, all other computers in the LAN may get infected as well.

 

Instant Messaging, Peer to Peer and File-sharing systems: If you have processes where you need to use/share online services of your client or vendor, and if their systems or computers are infected with ransomware then it can spread in your computer also.

 

Social networks: Ransomware authors take advantage of many popular social networks, infecting the massive user-data networks with worms. If a social website account is infected with a worm and if anyone visits the person’s profile page then their systems too can get infected with the worm.

 

Pop-ups: Some of the most sophisticated malicious software spread through well-disguised screen pop-ups that look like genuine alerts or messages.

 

Computer storage media: Malicious softwares can easily spread if you share computer storage media with others, such as USB drives, DVDs, and CDs.

 

Safety tips for Ransomware

 

Don’t act on spam e-mail:
By clicking links or opening suspicious attachments, you could be inviting ransomware, or other malware, onto your computer. Just delete spam immediately without opening it.

 

Avoid suspicious sites
Do not visit suspicious sites. If you suspect that a website is not what it seems to be, leave the site immediately. Do not follow any of the instructions on it.

 

Keep security software up to date
Always keep your security software (antivirus) updated. If your security software is not updated then it may not be able to recognise new threats entering your computers.

 

Back-up your files often
As in most cases when ransomware hits, it is difficult to remove. Even if you do successfully remove the malware, your files may still remain inaccessible.

 

Keep your Operating System updated 
Malware like this finds ‘vulnerabilities’ or weak spots in your system, if it hasn’t been updated in a while.

 

Don’t Use Open Wi-Fi
When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi.

 

Do not open attachments
Don’t open attachments in suspicious and unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in such an e-mail, even if the link seems to be general or non-threatening.