Bug hijacks bank accounts, credit cards

By STEPHEN COOK

Computer users face a new threat from a devious form of software that allows internet hijackers to plunder your bank accounts and steal credit card details.

The software exposes holes in Microsoft's Internet Explorer browser and, unlike viruses passed on by email, this bug is spread simply by visiting an infected site, which can install a so-called trojan or keystroke logger that lets hackers spy on your computer use.

The trojan is designed for "phishing", that is, stealing financial and other account details from the infected user. This could mean your bank account number, password or login and your credit card details.

The virus is hidden inside "pop-up" advertisements that appear on screen without warning. Clicking on the "close" button to get rid of the advert triggers the virus to secretly install itself on the computer.

The bug is then programmed to wait until the user begins logging on to his or her internet bank account, where it sets about stealing personal details.

Computer security experts say regardless of Microsoft's efforts to release patches and tightening Explorer security, the browser will remain a risk because nearly every PC uses it.

Brian Eardley-Wilmot, of Auckland- based Computer Forensics, said yesterday that no browser was completely immune from the threat.

But Internet Explorer was especially vulnerable because of its huge market dominance.

The situation was made worse by the fact that many New Zealanders were casual about updating their security settings.

Mr Eardley-Wilmot said there had been no reports yet of New Zealand bank accounts being plundered, but if browser users did not safeguard themselves then there was every chance they could fall victim.

The key was to constantly update anti-virus programs, anti-trojan devices and security patches.

"If you are not prepared to take responsibility then you will have a problem," he said.

"New Zealanders are as much at risk as overseas computer users - these trojans can strike anywhere.

"If you don't have these security measures in place you should not conduct any online business."

Nick Brown, of Xtra, the country's largest internet service provider, said it had not noticed any significant impact on customers as a result of recent international spyware attacks.

Through Xtra's online security section, customers were given information about anti-spyware tools, with links to suppliers.

Protect your PC

* Regularly install Microsoft's security patches.

* Install a pop-up killer.

* Update your anti-virus program at least every fortnight.

* Install at least two anti-trojan devices on your PC.