Swiss bank says password attack hasn't bitten

No reports of damage caused by virus designed to capture account details, claims bank

Swiss bank UBS said Friday that the virus designed to steal passwords from its Internet customers has caused no damage.

The bank says only a small proportion of its users are susceptible to the attack and that noone has reported any problems so far.

The virus -- a variant of the LoveBug that broke out in May -- targets customers using the bank's USB PIN online software. Disguised as a job application attached to an email message, the virus downloads a program that steals passwords, called a "Hooker", and emails the information to an anonymous mail address.

"An analysis by UBS has shown that only a small proportion of UBS e-banking clients are at risk," says the Swiss bank in a statement. "The vast majority does not use PIN software and are therefore not affected by the virus. There are no reports of damage as yet."

Virus experts say that the virus, VBS/Loveletter.bd, is a particularly nasty twist on the original LoveBug virus because its is designed to target a specific group of computer users and attack the bank.

Although USB says the risk of the virus is minimal, it recommends that any customers who have opened an attachment named "resume.txt.vbs" should disable their application by entering an incorrect password three times and call the emergency number: 0848 848 062.

USB says it is "preparing to take legal action against whoever is responsible [for the virus]". The bank also says that its IT experts have used filtering software to stop the virus from spreading. Antivirus vendors, however, say that the virus has been reported in the wild in both Switzerland and Russia.

Take me to Hackers

Take me to the Virus Workshop

What do you think? Tell the Mailroom. And read what others have said.