Security experts are monitoring credit unions for a so-called "zeusbot" attack, which is bypassing many of the anti-virus and malware-scanning programs used by credit union members, putting their personal financial information in jeopardy when they log on to their home banking service.
The zeusbot waits for the user to log in to their online banking, logs the credentials, and then presents a screen that asks the user to further verify their login by entering their credit card data. All information gathered is sent to the attackers.
Credit Union Information Security Professionals Association (CUISPA) noted that "while some users may be skeptical and not enter their data, the damage is already done. The online banking credentials have been compromised."
Please note that no BFSFCU servers have been compromised by the zeusbot attack. The zeusbot malware program resides on the personal computers of online banking users, and collects information from the user's PC as it is transmitted to the financial institution.
In cases where members report activity, CUISPA said credit unions’ only recourse is to have members shut down, wipe and reload their PC, while the CU changes account passwords. The association, which monitors such security threats, said it has identified "dozens of cases throughout the country."
It is unclear at this time whether BFSFCU members are specifically targeted by the malware. If you believe that your computer has been infected by the zeusbot malware, please contact BFSFCU immediately at (202) 212-6400.
Updated: 1/22/10