These people are often recruited through "work from home" advertisements or contacted by recruiters after placing resumes on popular employment sites. These mules are directed to open personal or business bank accounts to receive the fraudulent money transfer. Within a couple of days, or even hours, the money is deposited and the mule is directed to immediately forward a portion of the money to recipients overseas, typically in Eastern Europe, via wire-service transfers such as Western Union or MoneyGram.
Compromised computers used in online banking have gotten the attention of the Financial Services Information Sharing and Analysis Center (FS-ISAC), a group whose mission is to provide a forum where its members, which include Citigroup, Bank of America, Goldman Sachs and Merrill Lynch among others, can discreetly share security concerns and keep direct contact with federal officials.
FS-ISAC has gone so far as to send out a notice telling its membership to only interact with business customers via computers without browser and e-mail capability. It was an awkwardly worded recommendation that was later clarified to mean a "PC dedicated to online banking," Litan says. But she regards this as inadequate.
Other recent activity in the federal government sector includes a symposium organized by the Federal Deposit Insurance Corp last month on the threat of hijacked computers and cybercrime to business.
"The user workstation is the weak point," says Joe Stewart, director of malware analysis at SecureWorks, who has done extensive work looking at sophisticated botnet-based Trojans such as ZeuS and Clampi designed to hijack the victim's computer and execute unauthorized financial transactions by stealing online credentials and account information.
The basic architecture of online banking was designed without the idea that the user would encounter this type of malicious Trojan, he notes, adding, "In that sense, this paradigm of banking is broken."
Since the known banking Trojan malware is Windows-based — "there are no Mac banking Trojans yet," Stewart says — he views the situation today as largely one centering on Windows-based machines. "I wouldn't recommend banking online with Windows."