Text only | Text with Images

IDNetters Forums

Technical News & Discussion => Mobile Devices News & Discussion => Topic started by: Simon on Sep 28, 2010, 21:27:16

Title: SMS-harvesting mobile virus targeting banks
Post by: Simon on Sep 28, 2010, 21:27:16
Security experts are warning of a variant of the Zeus banking trojan that attacks mobile phones and can bypass the two-stage verification system used by some banks.

Zeus Mitmo is previously unknown malware that is designed to intercept the confirmation SMS sent out by some banks as part of the online log-in process, according to Spanish security company S21sec.

"The reason is pretty obvious: many companies (not only financial institutions) are using SMS as a second authentication vector, so having both the online username and password is not enough in the identity theft process," said analyst David Barroso in the S21sec security blog.

Read more: http://www.pcpro.co.uk/news/security/361504/sms-harvesting-mobile-virus-targeting-banks
Title: Re: SMS-harvesting mobile virus targeting banks
Post by: Niall on Sep 28, 2010, 22:19:03
You won't catch me using a mobile device to access my bank online. Not a bleedin' chance!
Title: Re: SMS-harvesting mobile virus targeting banks
Post by: Simon on Sep 28, 2010, 22:23:35
I agree, Niall.  It's tempting to think those that do, deserve all they get.
Title: Re: SMS-harvesting mobile virus targeting banks
Post by: Gary on Sep 29, 2010, 09:19:55
Yet people will access it via the internet....and that's totally safe  :eyebrow:
Title: Re: SMS-harvesting mobile virus targeting banks
Post by: Simon on Sep 29, 2010, 10:28:00
It's got to be safER, hasn't it, Gary?
Title: Re: SMS-harvesting mobile virus targeting banks
Post by: gyruss on Sep 29, 2010, 13:29:19
I don't even switch my wireless on with my router, let alone trust systems like this for banking.. keep whats yours.. yours.
Title: Re: SMS-harvesting mobile virus targeting banks
Post by: Gary on Sep 29, 2010, 14:05:28
Quote from: Simon on Sep 29, 2010, 10:28:00
It's got to be safER, hasn't it, Gary?
I'm not sure these days, even with cables there are so many possible things that can catch your browser out its hard to tell, and malware that hides so deep alot of AV's don't find it. TBH I have a barclaycard with a wifi swipe thing, now if they think that's safe then phones and wifi are in the same boat really. All technology is open to abuse, its just how good your security reallyis and how sensible you are, I use mini statements  on my iPhone with the NatWest app, but that was pretty obvious to set up as you received a letter and I only do it over my WiFi, and that has WPA2 256-bit AES encryption, so for now that's good enough for me.

The idea is in a few years cell phones will become mobile wallets, people want convenience combining everything into one neat package, but like the forgers of paper money and the swipe card thief's, there will always be ways in, but it does not make new ideas and methods inherently bad. Innovation will always bring hackers where money is involved, I mean you cannot really trust a hole in the wall machine outside a bank these days but millions do, and will continue to do so, and why shouldn't they? This technology was given to us to use and its useful in a society where free time is diminishing for many so going to the bank is for some harder and harder as if you work Saturdays or are away a lot this kind of help is what you need..
Text only | Text with Images