|
|
|
|
|
|
|
|
|
DBS > security > Pages > security-alerts-news.aspx
|
|
|
|
|
|
|
|
|
|
|
Security Alerts & News
Malware Alerts
| Date: 05 September 2011 |
Alert Level: Amber |
Criticality: Low |
Description: We have discovered different variants of Spyeye malware that may affect the legitimacy of the DBS Internet Banking websites. This malware targets Singapore Internet Banking websites which include the DBS Internet Banking website, DBS IDEAL™, DealOnline and VICKERS Online websites. It is designed to steal customers’ information by altering the “look and feel” of the existing Internet Banking websites.
For instance, if the malware infects the customer's computer, the DBS Internet Banking website will look different and will ask the customer to key in his user ID, pin and one-time pin from his token all at the same time, instead of the usual login method.
Here is a comparison of how the DBS Internet Banking website looks like before and after it is infected with this malware:
|
|
Another indication of the malware infection is that the internet banking website login page remains the same. However, upon login the customer will redirceted to a page that states "We are checking your security settings. Every step can take 1-10 minutes...."
If you see any of the above changes while banking online with us, your computer may likely be infected with this malware. You are advised not to proceed with any transactions until your computer has been checked and disinfected.
Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware. Customers are reminded to remain cautious when banking online. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account. Protect your computer from being infected with such malware by using an anti-virus software and updating it with the latest anti-virus signature.
If you suspect that your computer or your bank accounts have been compromised while banking online with us, please report it to our contact centre at 1800 111 1111 immediately. |
Remedy: The following list of AntiVirus software is known to be able to detect and quarantine this type of malware. |
| AntiVirus |
Version |
Signature date |
Virus name detected |
| AhnLab-V3 |
2011.09.04.00 |
2011.09.04 |
Spyware/Win32.Zbot |
| AntiVir |
7.11.14.92 |
2011.09.04 |
TR/EyeStye.N.1532 |
| Antiy-AVL |
2.0.3.7 |
2011.09.04 |
Trojan/Win32.SpyEyes.gen |
| Avast |
4.8.1351.0 |
2011.09.04 |
Win32:Malware-gen |
| Avast5
|
5.0.677.0
|
2011.09.04
|
Win32:Malware-gen
|
| AVG
|
10.0.0.1190
|
2011.09.05
|
PSW.Generic9.OTZ
|
| BitDefender
|
7.2
|
2011.09.05
|
Trojan.Generic.KD.337313
|
| ByteHero
|
1.0.0.1
|
2011.08.22
|
-
|
| CAT-QuickHeal
|
11.00
|
2011.09.04
|
- |
| ClamAV
|
0.97.0.0
|
2011.09.05
|
- |
| Commtouch
|
5.3.2.6
|
2011.09.04
|
- |
| Comodo
|
9994
|
2011.09.04
|
UnclassifiedMalware
|
| DrWeb
|
5.0.2.03300
|
2011.09.05
|
Trojan.PWS.SpySweep.52
|
| Emsisoft
|
5.1.0.11
|
2011.09.05
|
Trojan.Win32.Spyeye!IK
|
| eSafe
|
7.0.17.0
|
2011.09.04
|
- |
| eTrust-Vet
|
7.0.17.0
|
2011.09.04
|
- |
| F-Prot
|
4.6.2.117
|
2011.09.04
|
- |
| F-Secure
|
9.0.16440.0
|
2011.09.04
|
Trojan.Generic.KD.337313
|
| Fortinet
|
4.3.370.0
|
2011.09.04
|
W32/SpyEyes.MLQ!tr
|
| GData
|
22
|
2011.09.05
|
Trojan.Generic.KD.337313
|
| Ikarus |
T3.1.1.107.0 |
2011.09.05 |
Trojan.Win32.Spyeye |
| Jiangmin |
13.0.900 |
2011.09.04 |
TrojanSpy.SpyEyes.eto |
| K7AntiVirus |
9.111.5083 |
2011.09.02 |
Spyware |
| Kaspersky |
9.0.0.837 |
2011.09.05 |
Trojan-Spy.Win32.SpyEyes.mlq |
| McAfee |
5.400.0.1158 |
2011.09.05 |
Trojan-Spy.Win32.SpyEyes.mlq |
| McAfee-GW-Edition |
2010.1D |
2011.09.05 |
PWS-Zbot.gen.js |
| Microsoft |
1.7604 |
2011.09.04 |
Trojan:Win32/EyeStye.N |
| NOD32 |
6436 |
2011.09.05 |
a variant of Win32/Kryptik.SET |
| Norman |
6.07.11 |
2011.09.04 |
W32/Suspicious_Gen2.PPEEN |
| nProtect |
2011-09-04.01 |
2011.09.04 |
Trojan/W32.Agent.289792.CR |
| Panda |
10.0.3.5 |
2011.09.04 |
Trj/CI.A |
| PCTools |
8.0.0.5 |
2011.09.05 |
Trojan.Gen |
| Prevx |
3.0 |
2011.09.05 |
- |
| Rising |
23.73.01.03 |
2011.08.30 |
- |
| Sophos |
4.69.0 |
2011.09.04 |
Mal/SpyEye-U |
| SUPERAntiSpyware |
4.40.0.1006 |
2011.09.04 |
- |
| Symantec |
20111.2.0.82 |
2011.09.05 |
- |
| TheHacker |
6.7.0.1.290 |
2011.09.03 |
- |
| TrendMicro |
9.500.0.1008 |
2011.09.03 |
- |
| TrendMicro-HouseCall |
9.500.0.1008 |
2011.09.05 |
TROJ_GEN.R3AC2HV |
| VBA32 |
3.12.16.4 |
2011.09.02 |
- |
| VIPRE |
10374 |
2011.09.05 |
Trojan.Win32.Generic!BT |
| ViRobot |
2011.9.3.4655 |
2011.09.04 |
- |
| VirusBuster |
14.0.200.0 |
2011.09.03 |
- |
|
| |
| Date: 4 Feb 2011 |
Alert Level: Green |
Malware: Spyeye |
| Description: A Spyeye malware is found to be targeting local banks in Singapore including DBS. This malicious software, which can be transmitted through compromised websites, is designed to steal private data such as user ID and pin from Internet Banking sites that the user visited. A user being asked to key in his pin and/or one-time password a few times can be an indication of Spyeye infection. Customers are reminded not to key in SMS OTP (one-time password) for transactions that they did not perform, such as adding payees or transferring funds. |
| The following screenshots show how the DBS Internet Banking website differs when used in computer that is infected by this malware. Customers are also reminded to be cautious when banking online, by verifying the legitimacy of the Internet Banking website that they are using. If you suspect that your computer has been compromised while banking online with us, please report it to our contact centre at 1800 111 1111 immediately. |
Remedy: The following list of AntiVirus software is known to be able to detect and quarantine this backdoor virus. |
| AntiVirus |
Version |
Signature date |
Virus name detected |
AhnLab-V3 |
2011.01.27.01 |
2011.01.27 |
Spyware/Win32.SpyEyes |
AntiVir |
7.11.2.71 |
2011.02.04 |
TR/Dropper.Gen |
Antiy-AVL |
2.0.3.7 |
2011.01.28 |
Trojan/Win32.SpyEyes.gen |
Avast |
4.8.1351.0 |
2011.02.04 |
Win32:Malware-gen |
Avast5 |
5.0.677.0 |
2011.02.04 |
Win32:Malware-gen |
AVG |
10.0.0.1190 |
2011.02.04 |
unknown virus Win32/DH.BA |
BitDefender |
7.2 |
2011.02.04 |
Trojan.Generic.KDV.116346 |
CAT-QuickHeal |
11.00 |
2011.02.04 |
TrojanSpy.SpyEyes.elr |
ClamAV |
0.96.4.0 |
2011.02.04 |
- |
Commtouch |
5.2.11.5 |
2011.02.04 |
- |
Comodo |
7586 |
2011.02.04 |
- |
DrWeb |
5.0.2.03300 |
2011.02.04 |
- |
Emsisoft |
5.1.0.2 |
2011.02.04 |
Trojan.Win32.EyeStye!IK |
eSafe |
7.0.17.0 |
2011.02.03 |
Win32.TRDropper |
eTrust-Vet |
36.1.8140 |
2011.02.04 |
Win32/Etap |
F-Prot |
4.6.2.117 |
2011.02.01 |
- |
F-Secure |
9.0.16160.0 |
2011.02.04 |
Trojan.Generic.KDV.116346 |
Fortinet |
4.2.254.0 |
2011.02.04 |
W32/SpyEyes.ELR!tr |
GData |
21 |
2011.02.04 |
Trojan.Generic.KDV.116346 |
Ikarus |
T3.1.1.97.0 |
2011.02.04 |
Trojan.Win32.EyeStye |
Jiangmin |
13.0.900 |
2011.02.04 |
TrojanSpy.SpyEyes.bdl |
K7AntiVirus |
9.81.3737 |
2011.02.03 |
- |
Kaspersky |
7.0.0.125 |
2011.02.04 |
Trojan-Spy.Win32.SpyEyes.elr |
McAfee |
5.400.0.1158 |
2011.02.04 |
PWS-Spyeye.m |
McAfee-GW-Edition |
2010.1C |
2011.02.04 |
PWS-Spyeye.m |
Microsoft |
1.6502 |
2011.02.04 |
Trojan:Win32/EyeStye.H |
NOD32 |
5845 |
2011.02.04 |
a variant of Win32/Spy.SpyEye.CA |
Norman |
6.07.03 |
2011.02.03 |
W32/Malware.QKUL |
nProtect |
2011-01-27.01 |
2011.02.02 |
- |
Panda |
10.0.3.5 |
2011.02.03 |
Trj/CI.A |
PCTools |
7.0.3.5 |
2011.02.04 |
Trojan-PSW.Generic |
Prevx |
3.0 |
2011.02.04 |
- |
Rising |
23.43.04.02 |
2011.02.04 |
Trojan.Win32.Generic.12779390 |
Sophos |
4.61.0 |
2011.02.04 |
Mal/Generic-L |
SUPERAntiSpyware |
4.40.0.1006 |
2011.02.04 |
- |
Symantec |
20101.3.0.103 |
2011.02.04 |
Infostealer |
TheHacker |
6.7.0.1.123 |
2011.02.02 |
- |
TrendMicro |
9.200.0.1012 |
2011.02.04 |
TSPY_SPYEYE.SMB |
TrendMicro-HouseCall |
9.200.0.1012 |
2011.02.04 |
TSPY_SPYEYE.SMB |
VBA32 |
3.12.14.3 |
2011.02.02 |
BScope.Banker.xc |
VIPRE |
8303 |
2011.02.04 |
Trojan.Win32.Generic!BT |
ViRobot |
2011.2.4.4292 |
2011.02.04 |
- |
VirusBuster |
13.6.180.0 |
2011.02.03 |
TrojanSpy.SpyEyes!ieTmgwiMnI4 |
Fake DBS Website Alerts
| Date: 19 Jan 2011 |
Alert Level: Green |
Criticality: Low |
| Description: There is a fake website found in the Internet which pretends to be associated with DBS Bank. The website www.dbsinternetbanking.org is a scam website posing as the DBS Internet Banking site. DBS Bank assures that it is not associated with this website. |
| There is a possibility for this website to evolve to a phishing site, which will then attract users to provide their account information and password. Customers are reminded to refrain from accessing this website or from providing any confidential information. |
Remember,
- DBS Bank will never ask you for your PIN number, via email or phone.
- Always type in the URL of our banking website directly into the address bar.
- Alert us immediately, if you notice unknown transactions appearing on your account. Never reply to unsolicited emails.
 |
Malware Alerts
| Date: 2 Dec 2010 |
Alert Level: Green |
Malware: Haxdoor |
| Description: This backdoor virus allows hackers to gain remote access to the users computer to phish private information such as customer ID and pin from Internet Banking sites that the user visited. |
| Transmission Method: Haxdoor can be transmitted through CD-ROMs, memory sticks, external hard drives, email messages with attachments, internet downloads, file transfers, instant messaging channels, and the like. |
| Remedy: The following list of AntiVirus software is known to be able to detect, quarantine, and/or delete this backdoor virus. |
| AntiVirus |
Version |
Signature date |
Virus name detected |
| AhnLab-V3 |
2010.11.30.00 |
2010.11.29 |
Win-Trojan/Haxdor.60256 |
| AntiVir |
7.10.14.136 |
2010.11.29 |
TR/Crypt.FSPM.Gen |
| Antiy-AVL |
2.0.3.7 |
2010.11.30 |
- |
| Avast |
4.8.1351.0 |
2010.11.29 |
Win32:Trojan-gen |
| Avast5 |
5.0.677.0 |
2010.11.29 |
Win32:Trojan-gen |
| AVG |
9.0.0.851 |
2010.11.30 |
unknown virus Win32/DH.BA |
| BitDefender |
7.2 |
2010.11.30 |
Backdoor.Haxdoor.NN |
| CAT-QuickHeal |
11.00 |
2010.11.30 |
(Suspicious) - DNAScan |
| ClamAV |
0.96.4.0 |
2010.11.30 |
PUA.Packed.FSG |
| Command |
5.2.11.5 |
2010.11.30 |
W32/Dropper.gen5 |
| Comodo |
6898 |
2010.11.30 |
Heur.Pck.FSG |
| DrWeb |
5.0.2.03300 |
2010.11.30 |
BackDoor.Haxdoor.522 |
| Emsisoft |
5.0.0.50 |
2010.11.30 |
Backdoor.Win32.Haxdoor!IK |
| eSafe |
7.0.17.0 |
2010.11.29 |
Win32.TRCrypt.Fspm |
| eTrust-Vet |
36.1.8007 |
2010.11.29 |
Win32/Haxdoor!generic |
| F-Prot |
4.6.2.117 |
2010.11.29 |
W32/Dropper.gen5 |
| F-Secure |
9.0.16160.0 |
2010.11.30 |
Backdoor.Haxdoor.NN |
| Fortinet |
4.2.254.0 |
2010.11.29 |
- |
| GData |
21 |
2010.11.30 |
Backdoor.Haxdoor.NN |
| Ikarus |
T3.1.1.90.0 |
2010.11.30 |
Backdoor.Win32.Haxdoor |
| Jiangmin |
13.0.900 |
2010.11.30 |
Backdoor/Haxdoor.mv |
| K7AntiVirus |
9.69.3115 |
2010.11.29 |
EmailWorm |
| Kaspersky |
7.0.0.125 |
2010.11.30 |
Backdoor.Win32.Haxdoor.lw |
| McAfee |
5.400.0.1158 |
2010.11.30 |
Artemis!B7D0C6A4BEB0 |
| McAfee-GW-Edition |
2010.1C |
2010.11.29 |
Heuristic.LooksLike.Win32.SuspiciousPE.C |
| Microsoft |
1.6402 |
2010.11.29 |
TrojanDropper:Win32/Bunitu.A |
| NOD32 |
5659 |
2010.11.29 |
a variant of Win32/Haxdoor |
| Norman |
6.06.10 |
2010.11.29 |
Suspicious_F.gen |
| nProtect |
2010-11-29.01 |
2010.11.29 |
Backdoor.Haxdoor.NN |
| Panda |
10.0.2.7 |
2010.11.29 |
Bck/Haxdoor.OG |
| PCTools |
7.0.3.5 |
2010.11.30 |
Backdoor.Haxdoor |
| Prevx |
3.0 |
2010.11.30 |
- |
| Rising |
22.76.00.01 |
2010.11.30 |
Trojan.Spy.Win32.Undef.GEN |
| Sophos |
4.60.0 |
2010.11.30 |
Troj/Haxdor-Gen |
| SUPERAntiSpyware |
4.40.0.1006 |
2010.11.30 |
Trojan.Agent/Gen-FSG |
| Symantec |
20101.2.0.161 |
2010.11.29 |
Backdoor.Haxdoor |
| TheHacker |
6.7.0.1.093 |
2010.11.30 |
Backdoor/Haxdoor.lw |
| TrendMicro |
9.120.0.1004 |
2010.11.30 |
TROJ_MALNTL.A |
| TrendMicro-HouseCall |
9.120.0.1004 |
2010.11.30 |
TROJ_MALNTL.A |
| VBA32 |
3.12.14.2 |
2010.11.29 |
Trojan-Droper.Win32.Goldun |
| VIPRE |
7451 |
2010.11.30 |
Trojan.Win32.Generic.pak!cobra |
| ViRobot |
2010.11.30.4176 |
2010.11.30 |
- |
| VirusBuster |
13.6.66.0 |
2010.11.29 |
Trojan.DR.Haxdoor.Gen.4 |
|
|
News and Advisories
Quick Links
|
|
|
|
|
|
 |
|
|
|
|