Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

So does this mean the vulnerability is only when using Windows, and not when using a Linux distro?

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

i have similar question..
i m pretty sure that linux is virus free (in the sense it does not have loopholes like windoze have)
but, recently i have been wondering if it is possible to "phish" in linux.. or it is completely safe in linux to access bank sites without worrying for password theft?

can anyone put light on this?

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

Short answer: Yes.
Long answer: Yes, yes, yes.

READ the article by Linux guru Rick Moen, which I link to here.

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

When you receive an email which purportedly comes from your banking, financial or consumer retailer, because it "look like" the kind of email those institutions send out and because, IN a Windows email client, when you hover over a link to the bank it appears as :

http://somebank.com

you might be inclined to believe it IS from those institutions. Your fist clue that it is not would be (in Windows) when the email asks you to use the link in it to "sign on and verify your name and password" for "security purposes", or other such nonsense. NO bank or financial institution will ever send out emails asking you to do that.

In Thunderbird(Linux, I don't run browse or email in Windows and I recommend you do not either) or KMail, when you hover your mouse over the link it would show as this:
http://somemalwareserver.org?somecha...//somebank.com

The parts which Thunderbird or KMail shows reveals it to be redirection link. This is because Windows shows only the first extension of a link, not all of them. That's how folks get seduced into downloading a "something.txt" attachment when it is actually a "something.txt.exe"

When you click on a link in Thunderbird it opens either FireFox or Konqueor (or what ever you've set it to use). You can install a plugin or extension in FireFox which shows the IP address of the websites you visit. IF you know the IP address of your bank you can memorize it (or write it down) and compare it with any site which claims to be your bank site. If they are not the same you are being scammed.


Pharming (which you didn't mention) is more serious. Around the world there are 13, IIRC, master domain databases which link IP addresses to domain names- i.e. Domain Name Service servers. Obviously, 13 servers can not service the entire world, so their contents are offloaded on a much larger number of slave servers every so often. When a bad guy hijacks a slave server and substitutes his IP address for your banks IP address, leaving the name the same, and he has copied the banks webpages onto his server, when you browse to "your bank" you will see the bank web page and its log in screen. It is at this point you should notice that the IP address of your Bank has changed AND refuse to log in.

The thing about pharming is that you didn't receive an email asking you to do something with your bank account. You just fired up your browser and clicked your bookmark or googled to it, and unless you happened to notice the IP address has changed you'll never suspect that the msg you get after you log in with your name and password, telling you that the bank server is "down" and to log in later, is bogus. A few hours later the Master DNS servers update the slaves with the bank's REAL IP address and when you log in again things work normal because you are at your banks real web page. A few days later you discover your account is nearly empty. Since the bad guys IP address has been overwritten there is no trace of where his server is.

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

You always have to be aware of phishing, no matter what web browser or OS you use. Long ago I quit clicking links in email altogether. I never trust an email, which could easily be forged, and intensely scrutinize the web sites I visit before sharing information with them.

KeePassX can help protect against phishing. When I want to log into an account, I get the web site address from my KeePassX database and have it pasted into my browser with a few quick keystrokes. That way I know for a fact that the address is not fraudulent, because I entered it into my KeePassX database myself.

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

thanks for info.. especially about pharming.. and about keepassx.
still.. one more question..
what if i am on official site of my bank.
and have logged in.
then.. when i browse in my bank site.. do i have to take any special precaution.. or is it possible for phisher even after i have logged in my account to somehow hack it.. ?

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

No. Once you have arrived at your bank's true website you should not have any problems being redirected to sites the bank has linked to. Usually, if a link takes you off of the bank's website they will warn you that you are leaving their site.

More important is that you do not let FireFox save your passwords to your bank or other financial webpages. So, the first time you browse to your bank and log in, FireFox will ask if you want it to save your passwords. Click NO.

Also, to avoid leaving a browsing history which includes your bank and financial institutions, after you start FireFox click on the "Tools" menu option, then on "Start Private Browsing" BEFORE you browse to your Bank's webpage.

My bank has the option of "registering" my computer so that automatically logs me in based on my IP address. I refuse to use that feature, letting the software think I am using a public computer, which it does not register.

Re: Shocking-Most Security Software Cannot Detect Zeus Virus Malware

Thanks GG..
yeah.. i normally use private browsing.. Ctrl+Shift+P
and have disabled the feature of saving passwords..

thanks for the info..