Just in time for the holidays, researchers have found a new virus that uses your computer and online banking sites to get your information and access your accounts.
It all started with a post on an underground cybercrime site on July 18. On offer: a program that could be used to break into “about 100 banks” and attack “any bank in the country.”
Experts at Kaspersky Lab, a Russian computer security company, began to look into it.
In November, they noticed hackers were buying and selling information to help open bank accounts meant to manage stolen funds.
By mid-November, they had recorded several thousand infections around the world. And it will likely spread even faster over the holidays.
“We can expect to see mass Neverquest attacks toward the end of the year, which should ultimately lead to more users becoming victims of online cash theft,” wrote Sergey Golovanov. a researcher at the lab in a blog post on Tuesday.
“In light of Neverquest’s self-replication capabilities, the number of users attacked could increase considerably over a short period of time.”
The virus, called Trojan-Banker.Win32/64.Neverquest (or Neverquest for short) is particularly dangerous because of how fast it can spread.
A Trojan is a kind of computer virus that gains access to a computer system by appearing benign. It then infects the website or computer and performs its task. This one steals banking information.
It modifies the content of websites opened in Internet Explorer or Mozilla Firefox. It leads users to modified websites that look like originals but instead send all their username or password information back to the hackers. They can then use virtual network computing, which allows someone to access another person’s computer from anywhere in the world. This way, they hack into user bank accounts without setting off any alarms, since it seems like the person is logging in through their own computer.
It has already targeted 28 banking and online payment sites in Germany, Italy, Turkey and India. But it is engineered to search for more. It searches webpages for keywords such as “balance,” “checking account,” and “account summary.”
Golovanov said that the Fidelity Investment site appears to be a top target for the program. It is one of the largest mutual fund investment firms, and has a variety of ways for clients to access their accounts online.
“This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market using the accounts and money of Neverquest victims,” he wrote.
The virus also harvests data to access social media accounts. Some sites include Skype, Flickr, Myspace, Farmville, Zynga, Facebook, Twitter and others.
Emails attachments are another way Neverquest can get onto your computer. In this case, users can protect themselves by not opening suspicious emails or messages.
Some malicious attachments have names such as “travel-00034.jpg.zip” or even “light details_united airlines.pdf.zip.”
Another way to protect information is to use a virtual keyboard. This is a program that allows users to type in passwords or usernames using a clickable keyboard on the screen instead of typing, since the virus is able to log keystrokes on a real keyboard once it gets into the computer.
But that still isn’t enough.
“Protection against threats such as Neverquest requires more than just standard antivirus,” said Golovanov.
Users should have some kind of solution that secures not only their computer but online transactions and prevent manipulation by other applications.
This virus is an attempt to fill a few “holes” in the cyber black market, according to Golovanov. He wrote that after several criminal cases associated with bank website viruses were wrapped up, new users are creating new technologies.
“This threat is relatively new, and cybercriminals still aren’t using it to its full capacity,” he warns.
He expects that Neverquest will spread very fast, especially over the upcoming holiday season when malware use generally spikes.