Norman Safeground Blogs

insight, opinion & information


New malware tricks Windows’ security to steal your bank details

Windows has a built-in security system to prevent your PC from getting infected by malicious software. Part of this involves checking the “security signature” of any program that you try to install. Windows compares this signature against Microsoft’s list of approved software developers, and if they match, the program is installed without question.

This solution – similar to one used by Apple’s OS X – means that any criminals writing malicious software should be unable to tamper with a legitimate piece of software, add a virus and then pass it off as unedited.

For example, imagine you wanted to download a copy of Spotify. It’s a free program, and so many websites (as well as the official one) let you download it. How do you know this version of the download is secure? Windows knows because of the security signature.

If you download the file and Windows complains, you’ll know that the security signature is incorrect and that the file has been tampered with. If Windows doesn’t complain, you’ll be okay (as a side note, it’s always better to download programs from their official source to reduce the risk of infection).

The flaw in this system appears when a criminal gets hold of one of these signatures, because dangerous programs can then be installed without warning. Unfortunately, this is exactly what has just happened.

A new version of the malware known as ZeuS – famous for stealing users’ bank details – has started installing itself on victims’ computers using a valid digital signature. This means Windows won’t complain when the software attempts to install itself, which makes it much more likely to infect a vulnerable system.

Because this signature is now out in the wild, criminals can add the ZeuS malware to real software, present it as safe and Windows won’t know the difference. In practice, this means a lot more computers could be infected by the money-stealing malware.

Microsoft should be acting to invalidate this signature, so the threat will hopefully not last for long – but it’s a real concern if other signatures have been stolen as well – particularly if we don’t know about them.

While Microsoft worries about that problem, you should make sure that you don’t have to worry at your end by ensuring that you have anti-virus software and that it is up-to-date.
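The signature check described above can also be run by hand. The following PowerShell is an added example, not part of the original post: it uses the built-in `Get-AuthenticodeSignature` cmdlet to list files whose signature is missing, broken or untrusted, and it also flags files that verify as valid but were signed with a certificate on a local list of stolen ones. The folder path and the `$CompromisedThumbprints` list are assumptions, and the thumbprint entry is a placeholder to be replaced with the value from a vendor advisory.

```powershell
# Added example: audit Authenticode signatures under a folder.
# A "Valid" status only means the file is unmodified and the signer chains to a
# trusted root. It says nothing about whether the signer's key was stolen, so
# valid signatures are also compared against a local list of bad certificates.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumed folder to audit
)

# Placeholder, not a real indicator: replace with thumbprints from an advisory.
$CompromisedThumbprints = @(
    '<THUMBPRINT-OF-KNOWN-STOLEN-CERTIFICATE>'
)

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        $verdict = switch ([string]$sig.Status) {
            'Valid' {
                if ($cert -and ($CompromisedThumbprints -contains $cert.Thumbprint)) {
                    'SignedWithCompromisedCertificate'
                } else {
                    'Valid'
                }
            }
            'NotSigned'    { 'Unsigned' }
            'HashMismatch' { 'ModifiedAfterSigning' }
            default        { "Untrusted ($($sig.Status))" }
        }

        [pscustomobject]@{
            File       = $_.FullName
            Verdict    = $verdict
            Signer     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            Expires    = if ($cert) { $cert.NotAfter } else { $null }
        }
    } |
    Where-Object { $_.Verdict -ne 'Valid' } |   # show only files that need a closer look
    Sort-Object Verdict, File |
    Format-Table -AutoSize -Wrap
```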


The Author:

For Consumption Bloggers
