The original SpyEye Trojan was effective at stealing bank account credentials for online banking. It would also make fraudulent transactions as the user was logged in to the account, allowing them to watch their balance drop to zero. The updated version of SpyEye, discovered by Trusteer, still takes the login credentials, but then adds a twist.

Instead of allowing a user to see the fraudulent transactions being made, it covers its tracks. The Trojan intercepts the communication with the banking website, allowing it to alter transaction records and account balance. So what does this mean? Your bank account could be at zero, and you wouldn’t even know. As the attacker is making fraudulent purchases, the virus scrubs those transactions from the viewed website, leaving the user to think nothing is wrong.

By hiding the transactions, it delays the reporting of fraud to the bank, which in turn allows them to make money on the stolen information.

The setbacks to this new version of SpyEye is that it can only scrub the records when being viewed by the infected computer. But how often do we suspect something is wrong with our account and login from another machine? Since SpyEye cannot alter the banking system, the fraudulent purchases will also show up on paper statements as well as ATM machines that print balances. The problem is that those checking paper statements could be up to 30 days behind.

Something to watch out for. Once infected, the Trojan waits for the user to log into their bank account. Once it steals the login credentials, SpyEye brings up a legitimate looking webpage from the bank asking to confirm debit card information. Once the debit card is confirmed, a fraudulent purchase is made and the process of covering its tracks begin. If you log in to your bank and are asked to confirm your debit card, call your bank directly and ask them if this is necessary. It is better to be safe than sorry.

Be sure to install all critical and recommended updates provided in the Windows Update feature. This will ensure that Internet Explorer is fully updated. Also, if you are using other browsers such as FireFox or Google Chrome, be sure that those are updated to the newest versions as well.

 Digg  Facebook  StumbleUpon  Technorati  Deli.cio.us