Accessing online account from Windows just once cost Mac user $100,000
Summary: Cut a long story short, there was a password stealing Trojan on the PC and criminals accessed the bank account and pulled out $100,000 in $5,000 and $10,000 chunks.
This is a pretty scary story:
David Green normally only accessed his company’s online bank account from his trusty Mac laptop. Then one day this April while he was home sick, Green found himself needing to authorize a transfer of money out of his firm’s account. Trouble was, he’d left his Mac at work. So he decided to log in to the company’s bank account using his wife’s Windows PC.
Cut a long story short, there was a password stealing Trojan on the PC and criminals accessed the bank account and pulled out $100,000 in $5,000 and $10,000 chunks.
Now, it's easy to think that this guy would have been protected if he'd had proper, up-to-date antivirus installed on his PC. Well, as Brian Krebs points points out, maybe not ...
What’s more, the tools these crooks are using — mainly the Zeus Trojan — almost always outpace anti-virus detection at least by a few days, and by then it’s usually too late.
The question is, who or what to blame? Is it user error? Is it the fault of Windows? Is it the bank's fault?
Another question worth asking is this - Is Windows just far too big and juicy (and easy) a target for hackers that folks still using the platform for sensitive work as asking for trouble? After all, there's absolutely no questioning the fact that this attack would not have worked on the Mac or Linux platform. This firm lost $100,000 due to using Windows. Period.
Oh, and if you do have good security practices in place, make sure you use them ALL THE TIME!!!
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
The timing of this is too delicious #1
http://www.zdnet.com/tb/1-82576-1578538?tag=talkback-river;1_82576_1578538
RE: Accessing online account from Windows just once cost Mac user $100,000
Considering Windows is very vulnerable to drive by attacks where you don't have to explicitly install anything (especially XP) it's very likely the user didn't know this app was installed.
But then again you're pro Microsoft so they can do no harm.
2 things
[i]it's very likely the user didn't know this app was installed[/i]
Read the article moron:
[i]there was a password stealing [b]Trojan[/b][/i]
All the Apple apologists swear and stomp and scream and froth that no OS can protect a user from a trojan.
Second, I'll remind you that at PWN2OWN every year, OS X fell first, within seconds, to drive by attacks. It is actually OS X that is very vulnerable to drive bys. :)
Sure thing, itguy08. Or maybe it was something like this
Linux Live CD
Maybe Windows should only be used within a VM. Maybe after every shutdown, the image should be reverted, and the image should only be modified with security updates, but always revert to the saved version once shut down.
RE: Accessing online account from Windows just once cost Mac user $100,000
Very secure practice, all data that is changed is hosted on separate datastores with a much higher level of protection than is available to the public.
RE: Accessing online account from Windows just once cost Mac user $100,000
http://www.ubcd4win.org
Runs Windows XP from a PE CD or a USB flash drive, and you can do practically anything you'd need to while using it. Including surfing the web and email. I've used this program for a few years now, mostly for repairing computers, but it's quite possible to run your computer with it.
Windows running from Live CD is possible!
I thought of this post immediately.
Let's see how they spin this one.
RE: Accessing online account from Windows just once cost Mac user $100,000
"Free apps install spyware on Macs" is d title of an article i just finished reading on zdnet a moment before I saw this one!
I wonder what that malware does? Hmmm... steal passwords maybe??
RE: Accessing online account from Windows just once cost Mac user $100,000
Even your pea brain can understand this....
"before the flame war begins. it is a trojan, people. something a user has to single handily download from a certain website and installing it on a computer by giving a password."
On Windows systems that are vulnerable to drive by attacks the user needs to do nothing to have this crap installed. This is not true for other OS's at this time.
"Second, I'll remind you that at PWN2OWN every year, OS X fell first, within seconds, to drive by attacks. It is actually OS X that is very vulnerable to drive bys."
Did it really? Funny here:
http://www.computerworld.com/s/article/9174101/Hacker_busts_IE8_on_Windows_7_in_2_minutes?source=rss_news
IE 8/Win 7 - 2 mins. And those guys won the prize.
Wake me when there are real drive by attacks for OS X.
Liar
RE: Accessing online account from Windows just once cost Mac user $100,000
Is that what you're going to tell this guy? That it's OK he lost $100K because it wasn't a drive by attack? Seriously?
So, now, I'll get some popcorn...
I'm grabbin some popcorn as well
Same Ol' bush league journalism
Bottom line
Get over it zipper head, these are the facts of THIS story, not some other story.
@NonZealot
Can we be certain it wasn't his Mac?
http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=content;selector-blogs
The timing of this is too delicious #2
No OS can protect users from themselves (or we wouldn't be able to install any software). Do not download and authorize the installation of applications (Trojans) from untrusted sources.
Thanks again, banned from zdnet!!
http://www.zdnet.com/tb/1-82576-1578611?tag=talkback-river;1_82576_1578611
RE: Accessing online account from Windows just once cost Mac user $100,000
Windows Users
Preferred target for criminals around the world