New Virus Raids Your Bank Account And Covers Its Tracks

A post on a hacker forum about buying and selling databases of information used to access bank accounts and documents

Researchers have found a new virus that uses your computer and online banking sites to get your information and access your accounts.

It all started with a post on an underground cybercrime site on July 18. On offer: a program that could be used to break into “about 100 banks” and attack “any bank in the country.”

Experts at Kaspersky Lab, a Russian computer security company, began to look into it.

In November, they noticed hackers were buying and selling information to help open bank accounts meant to manage stolen funds.

By mid-November, they had recorded several thousand infections around the world.

“We can expect to see mass Neverquest attacks toward the end of the year, which should ultimately lead to more users becoming victims of online cash theft,” wrote Sergey Golovanov, a researcher at the lab, in a blog post on Tuesday.

“In light of Neverquest’s self-replication capabilities, the number of users attacked could increase considerably over a short period of time.”

The virus, called Trojan-Banker.Win32/64.Neverquest (or Neverquest for short), is particularly dangerous because of how fast it can spread.

A Trojan is a kind of computer virus that gains access to a computer system by appearing benign. It then infects the website or computer and performs its task. This one steals banking information.

It modifies the content of websites opened in Internet Explorer or Mozilla Firefox. It leads users to modified websites that look like originals but instead send all their username or password information back to the hackers. They can then use virtual network computing, which allows someone to access another person’s computer from anywhere in the world. This way, they hack into user bank accounts without setting off any alarms, since it seems like the person is logging in through their own computer.

It has already targeted 28 banking and online payment sites in Germany, Italy, Turkey and India. But it is engineered to search for more. It searches webpages for keywords such as “balance,” “checking account,” and “account summary.”

The virus also harvests data to access social media accounts. Some sites include Skype, Flickr, Myspace, Farmville, Zynga, Facebook, Twitter and others.

Email attachments are another way Neverquest can get onto your computer. In this case, users can protect themselves by not opening suspicious emails or messages.

Some malicious attachments have names such as “” or even “light details_united”

Another way to protect information is to use a virtual keyboard. This is a program that allows users to type in passwords or usernames using a clickable keyboard on the screen instead of typing, since the virus is able to log keystrokes on a real keyboard once it gets into the computer.

But that still isn’t enough.

“Protection against threats such as Neverquest requires more than just standard antivirus,” said Golovanov.

“This threat is relatively new, and cybercriminals still aren’t using it to its full capacity,” he warns.

He expects that Neverquest will spread very fast, especially over the upcoming holiday season when malware use generally spikes.

Israeli-based security firm Trusteer announced in January 2012 that it had found an elaborate new computer virus that not only helps fraudsters steal money from bank accounts but also covers its tracks.

According to the firm, a new version of the widely prevalent SpyEye Trojan horse works much the same way, only it swaps out banking Web pages rather than video, preventing account holders from noticing that their money is gone.

The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies in wait until a customer with an infected computer visits an online banking site, steals their login credentials and tricks the victim into divulging additional personal information such as debit card information. Then, after the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim’s banking site and scrubs transaction records clean of any fraud. That prevents — or at least delays — consumers from discovering fraud and reporting it to the bank, buying the fraudster critical extra time to complete the crime.