Stuff I wrote for my college campus newspaper - 9

Warning to all Online Bankers

Compiled by Sanket Kambli with inputs from security experts

It's a daytime bank burglary without weapons or getaway vans! All it takes is a laptop, a modem and an evil-genius mind.

Computer security experts have warned of Internet virus that steals password and account information of users who bank online.

The latest bug, last month, targets Internet Explorer browser users and can be picked up from pop-ads which secretly download and install programs that reads keystrokes and relays them to the hackers.

The pop-ups are instigated from websites that run ads from certain online ad services. These online ad servers apparently have themselves been hacked into to spread the bug. The virus apparently has a list of about 50 banks. Once it detects the user logging into one of the banks, it reads login passwords and intercepts the information before it gets encrypted.

The earlier virus was of a different origin and was picked up from websites that were infected. However, the goal of both programs remains the same - to steal bank account information. The two attacks highlight new risks to transmission of sensitive financial information on the Internet, experts said.

Users working on Internet Explorer browsers are the main targets of this virus because flaws in the software. However, Microsoft has said that it has been able to fix two of the three flaws, the third one still exists. Experts say that using pop-up killers (software that block pop-up ads) can help in stopping the bug from infecting one's computer. Another option is to use a non-Microsoft browser, such as Netscape, Mozilla or Opera.

Internet Explorer users are invulnerable if they download and install a patch that was released in April this year. Experts have also advised Internet Explorer users to set the security setting for their browser to "high" level.

A report on a website owned by Consumers' Institute of New Zealand, Inc, says a man from Auckland had his bank account robbed through the Internet in April this year.

Withholding his name, the website says $20,000 was transferred from his BNZ business account to a Kiwibank account. The Kiwibank account holder, an innocent third-party, had been duped by fraudsters. He in turn sent the money to a bank in Estonia. The transfer reportedly happened at 7.30 pm on a Friday night and was cleared and gone by midnight. Following Monday morning, a second transfer occurred but was detected and reversed. The man's laptop, which did have anti-virus software, was found to be infected by a Trojan Horse program. The program may have come in as an email attachment or via a dodgy pop-up on a website advertising plasma TVs, the site reports. The program read the keystrokes, which were recorded and transmitted back to the fraudsters, giving them access to his online banking details.