The report published Tuesday by McAfee also warns of increased efforts by criminals to target online banking with so-called “Trojans” that will become increasingly clever.
Trojans are programs that get on a user’s computer but then lie dormant until the victim opens their bank website. They then add fields for the user to fill in with credit card or ATM information, with graphics that look like the user’s bank’s.
McAfee warns specifically of the “Zeus” family of Trojans that allows an attacker to operate in real time. When a victim logs into an online banking account, a maintenance bar shows up that moves slowly until it fills, which buys the attacker time.
Once the victim logs in, the attacker is notified and initiates a transaction while the victim is waiting for the maintenance bar to fill in. The victim is asked to register personal information that the criminal obtains; the victim eventually gets a message that online banking is down, but only after the attacker has their information.
On the bright side, McAfee reports that law enforcement agencies in the U.S. and around the world have stepped up their efforts in recognition of the problem of cyber-crime. They single out for praise the November 2009 indictments by the Department of Justice of nine people from Russia, Moldova and Estonia who were allegedly responsible for taking $9 million in customer payroll data compromises at RBS WorldPay.
Read the full report by McAfee here.