Christmas shoppers buying goods over the Internet must be aware that banker trojans are rife and lying in wait to steal their banking details.
As one of the main threats online shoppers will face this Christmas, banker trojans are designed to steal passwords for accessing online banking services and payment platforms like PayPal. Banker Trojans accounted for 18.59% of malware infections in 2007 and 24.10% of the infections caused by Trojans.
“The number of online transactions grows a lot during the Christmas season. That’s why cyber-crooks also increase the number of creations they put in circulation in order to get users’ money”, says Jeremy Matthews, CE of Panda Security (South Africa).
This type of malware works in various ways, from capturing keystrokes to redirecting users to spoofed banking sites in order to get their money. Online shoppers must make sure their computers are free from malicious code before carrying out online transactions.
Another threat consumers must face during the holiday season is phishing: emails that simulate to come from a banking entity or an online purchase service, but are actually false. Usually, users are asked to click a link and enter their banking details. However, if they do this, they will be giving their data to cyber-crooks.
Besides online transactions, the time spent by users playing online games like World of Worldcraft (WoW) or Lineage also increases in Christmas. Cyber–crooks know this and have actually started to launch attacks to get passwords for video games.
“The reason for this is the huge number of assets and extra features available to players as they advance through games. Inexperienced players are ready to pay for them in forums, chats and auction pages. This is exploited by cyber-crooks to make money out of passwords stolen from users”, explains Matthews.
Another tool people will massively use this Christmas is instant messaging. Aware of this, cyber-crooks have been working on ways to use these services to spread their creations over the last few months.
Generally, malware spreads by sending out links or files that seem to come from one of the targeted users’ contacts. However, if one of them clicks the link or runs the file, they will also become infected.
“Users must follow this simple advice: never click a file or a link before checking who the sender is. To do this, just ask your contact if they have sent you something”, explains Matthews.