Security scare turns out to be a lot of Skype

Is Skype seeing transaction numbers in an online bank statements as phone numbers?

Last Friday while doing some online banking, I noticed two transactions I'd made recently, one a withdrawal and the other a deposit. The transaction amounts were accurate, and so were the dates. The records even referenced a phone number -- complete with a hyperlink -- that I could click on to make a Skype call to that number.

The only problem was that the records stated that the transactions had taken place in the United Kingdom. I haven't been to the U.K. In fact, both transactions were made at the same Chase ATM in a Dominick's store in Oswego, Illinois.

I called Chase customer service and explained the situation to a customer service rep, who was equally puzzled about what was going on. She accessed my account and assured me she didn't see the U.K. references I could see on my computer. She asked me for a screen shot, which I e-mailed to her so she could verify what was going on. After taking a look at my screen grab, she expressed bafflement, urged me not to click on any links on my screen and transferred me to another rep. He, too was unable to explain what was going on, but assured me that my account didn't appear to be compromised. He told me to change my username and password, offered to cancel my debit card if I wanted to, and gave me his direct line in case I noticed anything else weird.

Changing my username and password made no difference. Then, I did a little checking -- and found that the only time the transactions showed up weirdly was when I used Internet Explorer 7. The screen sort of briefly flickered after I'd logged in and a number with a +44 country code for Great Britain and a hyperlinked "Call" appeared under each of the two transactions.

When I logged in with Firefox, the transactions looked just like every other record, showing the date, the kind of transaction (ATM withdrawal or deposit or point-of-sale) and a reference number. I accessed the account from another computer, first using IE 6 and then using Firefox and everything appeared to be in order.

By now I was thinking maybe the first computer had been infected by a nasty Trojan exploiting an IE7 vulnerability to inject its own code into the bank's traffic and display it on my browser. I also wondered how a seemingly secure banking transaction at one of the largest banks in the U.S. could be co-opted this way. No doubt, with more and more people scrutinizing their online accounts in the wake of a rash of data breaches, I'm not alone in trying to spot anomalies.

Unlike most people, however, I'm regularly in touch with security researchers, so I called several and explained my plight. Their guess: My computer might have indeed been compromised; what I was seeing could well be a classic man-in-the-middle attack or a phishing handoff.

Don Jackson, a security researcher at SecureWorks, told me that several Trojans are floating around online that do just what I had described. The attacks usually target IE. Such Trojans usually hook into browser and network code then install themselves as a browser helper object or as a layered service provider that intercepts network traffic -- even traffic protected by SSL encryption, he said. The Trojans are programmed to do a "find and replace" function for certain transaction details such as destination routing and account numbers. Sources are often changed to hide the activity from the victim or to defeat bank-end fraud-detection mechanisms.

"Often, these find-and-replace functions are custom-coded modules that are developed by the bad guys and downloaded to an existing Trojan infection," Jackson said. The Trojans are designed to capture logs and to reverse-engineer the transaction used by a bank's online applications to find out what data to change to funnel money to themselves. One example of this kind of a Trojan is Torpig, which has mainly targeted customers of European banks but has started to target U.S. bank customers. Another example is called Sinowall.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?