Helping to protect you every step of the way. We provide you with a veriety of security measures and safeguards to help keep you protected online.

Contact Us

Contact Us

Report fraud or suspicious activity
Report a lost or stolen credit card

Protect Your Organization's Accounts from Financial Trojans

Switch to another Security Center:

San Francisco, CA | Oct 26, 2012

The wide spread use of online banking among consumers has spurred criminals to focus on new ways of collecting personal data. Cybercriminals have expanded their scope through the use of Trojan horse programs. Trojans exploit the security weaknesses within computer operating systems and download malicious software through web browsers that appear to be legitimate. Researchers recently identified a Trojan virus called Cridex which is also recognized by antivirus vendors under the names Carberp and Dapato. Cridex is part of the malware family that steals banking information from the victim's computer. It is spread using an exploit kit designed to target 137 financial institutions worldwide. Social media sites are also the target of Cridex.

To initiate the attack, cybercriminals started compromising hundreds of websites built on the WordPress publishing platform. These attacks started with several large spam email campaigns that contained malicious links or HTML attachments designed to direct users to infected websites. Once the user is exposed, a Phoenix exploit kit downloads a Trojan to the victim's device. The cybercriminals begin capturing screenshots of every page the user visits. Similar to the well-known Zeus Trojan, the cybercriminals attach code onto webpages and can blacklist URLs, redirect URLs and more. The Cridex Trojan intercepts browser requests to webpages that look legitimate and trick the user into providing valuable personal information.

Another unique feature of the Cridex Trojan, when compared to Zeus, is the release of a "World Banking Center" plug-in which contains a database of 137 banks around the world. Cridex is able to inject code into HTML pages on websites contained in the configuration file and is capable of monitoring and manipulating cookies. The stolen data is filed and directed back to a command and control server. This control panel provides a simple user experience for the cybercriminals. It mimics the structure of the banking organization's website pages and allows the Trojan to identify and select fields to send back to the server. By manipulating the webpages of banks and taking control of victim's machines, the Cridex Trojan collects personal information that could be used to make fraudulent transactions.

If you are exposed to malware and your online credentials are compromised, it doesn't take long before the bad guys get access to your bank accounts and begin initiating fraudulent transactions. Bank of the West wants to ensure that your online banking experience is not only convenient but safe and secure. The following are a few ways to help protect your accounts from malware and phishing attacks:

  1. Free McAfee AntiVirus Software. Bank of the West is offering a free 12 month subscription to McAfee AntiVirus Plus. AntiVirus Plus conducts periodic security scans to protect your computer from malware and viruses, dangerous emails and risky web content. McAfee's two-way fire wall also blocks hackers from accessing your personal data. Download McAfee Antivirus Plus or learn more.
  2. Free online fraud protection software. Bank of the West works with Trusteer Rapport to help safeguard the web browser that links to your bank accounts. Trusteer provides two key features; it verifies that you are connected to online banking and not a fraudulent copycat site. Trusteer also secures your login credentials by encrypting your keys strokes. Download Trusteer Rapport or learn more.
  3. Update your operating system regularly. Download Windows and Microsoft updates regularly to ensure your system is patched against Trojan and spyware threats.
  4. Use caution when opening suspicious emails. Make sure your anti-virus software is able to scan all emails and attachments. Steer clear of emails that are not from a trusted source. If an email looks suspicious check the file extension. An extension ending in exe, vbs or pif may indicate malware. Never respond to an email that asks you to reply with your account number, social security or other sensitive data. These emails are phishing emails and Bank of the West will never send emails that request your personal data.
  5. Use strong passwords. Combinations of upper and lowercase letters, numbers and special characters make the most secure passwords. Never write your passwords down and change them periodically.

View Threat Watch Articles

Contact Us

Call us any day of the week and on most holidays

Mon-Fri 6 a.m. to Midnight CT
Sat-Sun 7 a.m. to Midnight CT

To report a lost or stolen credit card

Report suspicious emails

Download computer virus protection. Get McAfee AntiVirus Plus free for the first 12 months. Click here.

1 in 4 business computers in the U.S. is infected with malware. Download Trusteer Rapport and help protect your business from online threats.