S'pore bank refutes Trojan attack claim

A new Trojan horse is targeting customers of Singapore's local banks, a local newspaper has warned, but one of the banks identified has refuted the claim.

The Trojan, which directs users of infected computers to a fake Web site that closely resembles their real banking portal, is capable of stealing log-in information before the legitimate site encrypts it, The Straits Times reported Wednesday.

During the process of logging into an online banking account, the transaction appears to freeze, prompting the user to provide the information multiple times, which the Trojan records.

The paper said the three big local banks--DBS Bank, OCBC Bank and United Overseas Bank (UOB)--were alerted to the Trojan late last month. Citing an advisory posted on the UOB Web site, The Straits Times said cybercriminals could "make unauthorized fund transfers within a short period of time".

Banks in Singapore routinely put out advisories to alert customers of possible threats to their online banking accounts and activities. Online banking users here use two-factor authentication to log into their accounts and may be required to do the same when they perform transactions that involve greater risk, such as third-party funds transfers.

Both DBS and OCBC, indicated in their advisories the Trojan is affiliated to "Banker". DBS included links to security companies, McAfee and Symantec, that identify the Trojan as PWS-Banker.cz, and Infostealer.Banker.C, respectively.

The Trojan variant was also confirmed by a separate source from the banking industry in Singapore.

Low-risk threat
Both Symantec and McAfee rated the Trojan as a low-risk threat. Symantec, which last updated the profile on May 8, said the number of infections was under 50 and listed threat containment as "easy" although it accorded a damage level of "medium".

McAfee released information about PWS-Banker.cz on May 22, and maintained that the risk to both the corporate and home users was "low".

When asked, Symantec was unable to provide the geographical spread of attacks, but ZDNet Asia understands that the threat could impact any bank customer regardless of geographical location or type of banking service offered.

According to UOB, its "site was never targeted" by the Trojan. "Various security solution providers have confirmed this fact for us," a UOB spokesperson said in an e-mail.

"The bank has in place Internet technologies that track and monitor all incoming traffic. This is enforced as part of the bank’s existing suite of security measures and independent of any potential threats like the latest Trojan program," the spokesperson explained. "One vital step in our ongoing efforts to ensure a safe online environment for our bank customers is to proactively engage and alert our customers of any potential threats that may surface."