Some types of businesses have been in existence for ages and will continue to do so long into the future. In the case of bakeries for example, regardless of the times they try to reinvent themselves, the way in which customers enter and buy bread has not changed much since the first bakery opened.

Yet there is another type of ‘business’ which is surely as old as mankind and which has survived for generations in practically all cultures: scams. To trick, rip-off, swindle, etc. for one’s own benefit. The world’s most ancient laws already included penalties for fraud and scams.

Today, our world now largely moves on the Internet. Tasks which had to be personally carried out in the past, can now be done from a keyboard. One of the most frequent of these is banking, to the extent that phrases like “I have to go to the bank” are rarely heard. Transfers, loans, the opening or closing of accounts… practically everything can be done via online banks.

But if scams can be applied to web pages, the combination is explosive. Malware creators have discovered that it is relatively easy to obtain users’ details to access their accounts. Banker Trojans are especially good at this.

In only two years, 2005 and 2006, PandaLabs detected over 12,000 different banker Trojans. These codes are at their peak. Online banks are reacting quickly, but even so, attacks are still taking place. How many Trojans will have been detected by the end of 2007? Six months into the year there have been almost 40,000 detections, which means over 200 new banker Trojans are detected daily. Are online banks safer than before?

In theory, the security measures online banks are implementing were developed some time ago and are quite effective. (It could be said that there is no such thing as 100% security, but that is another matter). Most security problems when accessing banks is due to the fact that users tend to trust that the website they are accessing is really that of their bank.

Very few bank users would be fooled physically. Imagine you are walking down the street and a well-dressed person hands you a business card from your bank.  He claims to work in the security department and needs to check that your credit card is valid. At first, no one would trust a stranger who asked for your credit card for no apparent reason. You would go to the bank demanding an explanation.

However, banker Trojans are increasingly present on the Internet, so it must be a lucrative activity. Regardless of the economic losses caused by these threats, for a single user to lose their passwords is already a big enough problem.

How can these problems be avoided? In theory, with a good antivirus security system. Antiviruses, however, only protect against known threats, so if hackers develop new applications, traditional antiviruses will be useless, since the applications have not previously been detected. To fight off new threats, users need a higher protection level: preventive protection technologies, capable of detecting malicious programs simply by observing their behavior. Password theft requires several uncommon operations, which allow suspicious activity to be detected. Easy, isn’t it?

In spite of this, malicious activities can go unnoticed by many security systems. Yes, there could be a skilful hacker who could conceal their applications well enough making such security insufficient.

In this case, seek professional help.  In the same way doctors refer patients to specialists for specific diagnoses, some professionals can completely analyze computers, searching at much deeper levels than can be imagined to find the danger that could cost you your savings.

Carry out an in-depth audit on your computers, you may find something you dislike. Hackers could damage your computer, regardless of the security solution you are using. Don’t you think? Try NanoScan to check if you are really safe. It will only take you a minute to find huge amounts of malware running on your computer. If you wish to check at a corporate level, all your network computers, you can find the solution you are looking for Malware Radar.

Fernando de la Cuadra
International Technical Editor
Panda Security (http://pandasecurity.lin3sdev.com)
E-mail: fernando.delacuadra@pandasecurity.com