The typical malware bot is injected onto a victim PC, usually by clicking on a link or otherwise visiting a website designed for that purpose. The bot is usually programmed to perform a specific function. For example, a banking bot or banker Trojan is designed to obtain online banking credentials when online banking transactions are performed by the owner of the computer and then use those credentials, such as the banking sign-on name and password, to perform electronic funds transfers to a bank account controlled by the criminal. And all this is done in a matter of seconds after the credentials are obtained.
Enter a powerful new bot called Ainslot.L. Once injected onto the victim computer, it is smart enough to look for other malware bots that may reside on the computer and kill them before it begins to perform it’s own mal-activities. If this is starting to sound like a movie scene involving organized crime “taking over new territory” by bumping off other crooks in order to expand their business…well, I would agree with that assumption. In fact, most Internet criminal activity is controlled by organized crime units located in Russia and other Eastern Bloc countries. So I’m not surprised that they’re acting like organized crime of old.
Back to Ainslot.L. Another way this bot is different from the norm is that the fake email that spreads it is different from the usually sloppy and grammatically incorrect emails used by typical bots of today. This email is well thought out and well written. It informs the reader that they have placed an order for an expensive product that will be charged to their credit card. It includes a link to view the order.
As you might imagine, most people will panic that the order is a mistake and they immediately go into information gathering mode and want to, yes, you guessed it…view the order. Clicking that link loads the bot onto their computer. Once the bot takes control, it begins it’s dastardly tasks. And the poor owner of the PC is, well…poorer.
You can arm your computer and protect your money by doing the following:
1. Keep your virus protection software updated at all times. Use the automatic update feature by turning it on.
2. Check your account transactions recorded by the bank on a regular basis and ensure they’re all valid. If not, notify your bank immediately of the fraudulent transaction. If they find out soon enough, they can take advantage of a built-in lag in EFT transactions to cancel it.
3. If your bank is not already doing so, encourage them to use strong online financial transaction security practices such as placing a security cookie on your computer for verification purposes; and limiting the size of withdrawals and transfers of funds made by your computer. These practices may not prevent the theft, but it may slow them down enough that you or the bank will detect something amiss and allow you to take some action.
As always, I appreciate your comments on this subject…so please do. And be careful out there…it’s extremely dangerous these days.
Don’t miss an article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Home computing is a blast…keep it safe, productive and enjoyable.