It looks like one of the largest banks in United States; Bank of America is facing a massive outage on its online website. The outage is causing its customer to freak out as it is not allowing them to log in.
Loads of users on Twitter are complaining about the outage. Users are shown a splash screen when they visit the website http://www.bankofamerica.com and clicking on the Login button displays the following message;
Online Banking is experiencing temporary slowed system response. While we are resolving the situation, we want to help you get to where you are going:
Clicking on the "Continue to Online Banking" link takes you to a website which is down. It is not clear as to whether the outage is a system problem or whether they are under a mysterious attack. Bank of America has seen outages in the past which were not an attempted DDoS by the Anonymous group.
We will update the story once we have more information.
As if the various Osama Bin Laden video scams on Facebook were not enough, a new malware is being spread through emails now. If you receive any emails with an attachment named Fotos_Osama_Bin_Laden.zip or something similar, DO NOT OPEN IT.
According to F-Secure Labs, an email is doing the rounds of the internet with an attachment named Fotos_Osama_Bin_Laden.zip, this could be named differently too as Photos_Osama_Bin_Laden.zip. The file contains an executable named Fotos_Osama_Bin_Laden.exe.
The executable does not contain any photos of Osama Bin Laden but is infected with the Trojan-Downloader:W32/Banload.BKHJ, which is a banking Trojan. It installs on the system and will start to monitor your online banking sessions via a Browse Helper Object (BHO) and try to redirect your payments to wrong accounts.
If you have downloaded or clicked on the attachment run an free online scanner or a anti-malware after disabling access to the internet. You might also want to run scans using your Antivirus. If you don’t have one, head over to our Free Antivirus section to find one.
The new Trojan is playing on human curiosity generated by the death of Osama Bin Laden. There are actually no leaked photos or videos of the event. As an advice, please don’t click on any links which tell you that you can watch a censored video or pictures of Osama Bin Laden’s death.
You will not be able to watch any videos or pictures unless the US government releases them. So hold your horses until then and don’t spread the virus of become affected by it.
How would you feel about a computer infection that could lie to your bank about your online transactions? What would happen if details such as who you are paying and how much, could be changed without you knowing it?
That’s exactly what can happen with the current crop of transactional trojans. This is called screen injection, HTML overlayor the man-in-the-browser attack.
This type of infection can spy on you while you are online at many banking sites. ATM PINs, social security numbers and answers to secret questions are the types of information that will be stolen.
Previously, we’ve written about the Zeus trojan, which is the current king of the transactional trojans. Zeus used some very unique command-and-controlinterfaces that actually fooled security experts into giving up information. The Zeus trojan was also used to infect hundreds of U.S. Government employees when they opened a fake Christmas Card email from the White House.
If that’s not scary enough, there are more trojans out there that are being bred to compete with Zeus. According to TrustDefender, a well known security provider, a trojan named Carberp has recently added a whole slew of new features. These new features are intended to make it just as useful to black hats as Zeus. Here are some of the features:
- It can run on non-administrator accounts.
- It can infect XP, Vista and Seven machines.
- It doesn’t make changes to the Window registry.
- It hooks into the web browser to control all internet traffic.
- It’s able to transmit real-time data to it’s masters.
It also covers it’s identity by appending random data into itself to foil normal anti-virus detection. The fact that it can run in non-admin mode and doesn’t write to the registry also makes it harder to detect. To most security software, Carberp could appear to be a simple browser add-on or extension.
The older Zeus trojan hasn’t been improved recently, and it looks like there’s a battle brewing that will decide the next popular trojan. Carberp is in the running with two or three others, such as SpyEye and Gozi.
It’s a rat race, with security experts always trying to build a better trap for the fast rats that keep breeding even faster rats. The security field profits from this race and so do the hackers.
We are the big losers.
Bharti Airtel is soon going to launch mobile wallet and mobile payment services in India. In a press statement on Wednesday, Bharti Airtel announced that the Reserve Bank of India had granted it a license to offer “Semi Closed Wallet” services to its customers.
Users will be able to use the mobile wallet service to conduct transactions up to Rs 5000. They can use the wallet at specific outlets which will tie up with Bharti. Users can only use it for purchases, not for withdrawing cash. Mobile phone penetration is much higher than that of banking services in India.
“Semi-closed wallet are prepaid payment instruments that are redeemable at a group of clearly-identified merchant locations/ establishments which contract specifically with the issuer to accept the payment instrument. These instruments do not permit cash withdrawal or redemption by the holder.
Currently we are evaluating various options that this licence provides to find out how best we can create a value proposition for Airtel customers. It is imperative to design a safe & convenient deployment before we can take to the market,” said the official statement by Bharti Airtel.
Mobile payments are touted to be the next big thing, both in mobile VAS and banking. Knowing Airtel, you can rest assured that it is going to be huge; probably the beginning of mobile payment services in India.