Another virus alert is doing the rounds, but this one comes with a new twist that financial institutions and their customers might find a bit closer to home than usual. The new virus is a variant of the Love Letter and Resume viruses that did the rounds a few months ago. Like many viruses it spreads by using the address book of MicrosoftÆs Outlook, but this one also downloads a piece of password-stealing software that was designed specifically to get information from account holders at Union Bank of Switzerland AG (UBS).
But there are only several conditions where customerÆs accounts could be compromised, according to the bank. Firstly it only attacks a particular software module not used by the majority of customers. ôWeÆve analysed the program and it seems that itsÆs been specifically designed to attack UBS PIN software,ö says a spokesperson from UBS in Basel, Switzerland. But she says users are only at risk if they didnÆt comply with recommendations that the sensitive data be stored on a floppy disk and not the computerÆs hard drive.
The bank says it will be informing customers of the problem and if it finds that any have had their details compromised it would block their accounts for the moment. But it said that up to now it had no knowledge of any cases.
The virus comes as an email attachment named "resume.txt.vbs". A previous Love Letter version also had a resume, but the new resume is in German and represents a job applicant in Zurich. Once the attachment has been opened it attempts to download a password stealing program named ôhcheck.exeö. If it succeeds the virus will execute the file the next time the user starts their computer. The program then looks for a UBS PIN module and attempts to steal scratch list numbers and send them to three specific e-mail addresses.
Although this one only attacks UBS customers, because many viruses spawn copycat attacks there is some concern that other viruses might emerge that are targeted at financial institutions.
But David Banes, Regional Manager of the Symantec AntiVirus Research Center for Asia Pacific says the techniques and ideas are not new. ôItÆs just a combination of technologies thatÆs a bit more high profile because itÆs targeting a bank.ö
Banes says he expects that the writer of this virus will soon be caught if they were indeed trying to get the passwords for their own use. ôItÆs a bit short sighted,ö he said. With the latest tracking methods itÆs becoming easier to identify the orginators of this kind of virus, particularly if thereÆs the political and financial will to do so.
And you can bet UBS will be angry enough about the attack to do whatever it takes. The FBI, too, are said to be investigating the case and have shut down the three US-based free email accounts that the virus attempts to send information to.
