UK BANKS and other financial institutions are being warned to be extra vigilant following the release on the internet of a new so-called "PC super bug" designed to steal online banking log-on details on an unprecedented scale.
Cyber criminals have let loose a virus called Limbo 2 Trojan, which, according to security experts, is an extremely nasty bug developed specifically to worm its way into finance websites in order to cause maximum damage.
Andrew Watson, managing
director of Quorum Network Resources, an Edinburgh-based technology e-business and security solutions firm, said care had to be taken – whether or not the virus lived up to its developers' expectations.
He advised organisations to keep their anti-virus software firewall and associated security measures up-to-date at all times.
Such 'malware' attacks on bank sites, which can lead to consumers having their accounts significantly reduced or even cleaned out, is not new.
But security firm Prevx said the difference this time is that the new bug has been developed specifically to evade the vast majority of anti-virus computer systems. Such systems are devised by global IT security firms, including McAfee, Symantec and AVG.
Finance houses all over the world rely on them to provide adequate protection.
Hackers are reported to be so confident this particular bug can avoid detection and sidestep top security filter products that copies are changing hands for up to $1,300 (£650) a time.
The stakes are higher than ever for a blue chip financial outfit that falls short of securing its online systems.
It is estimated that a single data breach can cost a big firm more than £3m to rectify.
Prevx reported that the Trojan bug features a changeable shell with a pliable cloak coming in many guises and variants to try to fool security systems and slip past conventional signature-based anti-virus detection.
This involves illegal technology that generates fake information boxes on a compromised computer, asking the user to enter more information than usual.
While this is happening, passwords, credit card information and other personal details are transmitted to the malware's criminal operator to then exploit financially.
Jacques Erasmus, Prevyx's director of malware research, said: "Its strength lies in its versatility.
"Even if it is recognised by an anti-virus company it can be changed so as to be invisible again within hours."
Cybercrime has moved on from the 1990s concept of teenage geeks causing havoc from their bedrooms with no understanding of the consequences.
Now gangs operate from a number of countries, including Bulgaria and Romania.
The full article contains 438 words and appears in Scotland On Sunday newspaper.
