Australia Fights Citadel

The Microsoft-led collaboration with the FBI has won some battles against the Russian crime ring that has deployed Citadel. But this is a small victory in light of the damage that Citadel and other malware are causing in Australia. Citadel is a banking Trojan, but it is also being used as “ransomware”. Unsuspecting users are allowing their computers to be infected by not taking steps to shield their online activity from these very serious threats.

Citadel and Carberp

New variations of Citadel are being actively developed all the time. This latest surge of cybercrime uses Citadel to lock users’ computers. A message claiming to be from local law enforcement states that the computer is infected and that payment must be made before it can be released. In cooperation with Group-IB, a Russian security and forensics company, Australia is also working to beat a banking malware called Carberp.

This Ukrainian bug was designed much like Citadel. It infects the user’s computer when the user visits a webpage created to deploy the virus. The virus then lies dormant until the user logs into a bank account. It then tries to take over the transaction through the browser and access all available funds. Over the last year, 150,000 computers in Australia have been infected by Carberp. With additional personal online security, these infections could be prevented. Users must first be very careful about which links they click on, as harmless-looking offers and invitations to play fun games are designed to lure them to pages where they will be infected. Additional security such as the data encryption offered by a VPN service is also highly recommended.

Very Dangerous Malware

Microsoft and fellow security software developers Kaspersky, Symantec, and McAfee agree that Carberp is a very effective and therefore dangerous family of Trojans. It can take screenshots, record keystrokes, and take banking details including account numbers, names and passwords. Once infected, a computer and anything it is used for is an open book. The infection is nearly impossible to detect and very difficult to remove without the help of software and anti-virus experts. The best defense is the use of an encrypted tunnel when accessing the internet, and visiting only websites on the same network that are known and certified secure.

Active Trojan Development

According to Group-IB’s international projects leader, Andrey Komarov, Carberp has been sold to and is being developed by an underground operation. One developer has built “web-inject”, an add-on which allows hackers to recycle the data they have collected for use in attacks elsewhere in the world. Once the hackers have access to the user’s account, they can take the user to a fake page where the computer is further infected to allow hackers to view the open browser and gather more data.

Group-IB reports that Bendigo Bank, Teachers Mutual Bank, CommBank, BankWest, Adelaide Bank, NAB, Westpac, Suncorp, and DefenceBank customers are at risk as well. The user will not notice that their session has been hijacked. To stop the spread of these attacks, users must do their part by avoiding unsecured networks for sensitive transactions or by using separate connections for casual browsing and sensitive transactions.

Building a Network of Infected Computers

Komarov is keeping Australian banks informed on the latest malware. The Bank of Queensland and ANZ Bank have already stepped up and quickly responded to these fraud alerts. Komarov reports that ANZ Bank employees sprang into action to block threats to compromised accounts and have also been particularly helpful in spreading the word to other banks. Hopes are high that other banks will put together e-crime divisions as responsive as ANZ’s.

The cybercriminals are also taking advantage of web searches to build their network of infected computers. When users type in bank-associated key phrases and click on the results, they are taken to hacker-controlled pages that tell them they need to install software such as Flash, Java or Microsoft products. The software they download is fake and will give hackers full access to the user’s computer. Existing anti-virus software is as yet unable to block or remove this malware, and the only known security solution to prevent such attacks is to avoid following these links and to take advantage of the data encryption provided by a VPN.

For more information on VPN security, please read our VPN reviews.

© 2017 Get Best VPN Service in Europe. All rights reserved.