http://news.bbc.co.uk/hi/english/sci/tech/newsid_894000/894253.stm

[Comment: Article bases on trojans as "weapons" of penetrating into
bankaccounts.  They are so easy to use, and with some social
engineering they can be easily send to innocent persons. The funny
quote is "Anyone with a GCSE in computer science could use these tools
to hack into a bank account". Altought i don't know for sure what is
GCSE (we use different ranking system in country where I live), it is
absurd to connect that kind of knowledge (again if I'm not mistaken)
with easy usage of trojan horses. And another thing is that Mr. Gary
Chapman who said this GCSE/trojan thing is entitled as a "former
hacker"].


'Trojans' open online accounts

Is it safer to bank online or offline?

By BBC News Online internet reporter Mark Ward 

An investigation into
online banks has revealed how vulnerable they are to malicious hackers
looking to steal the identity of customers.

Working with former hacker Gary Chapman, the BBC's Newsnight revealed
the methods that computer criminals could use to commit an internet
bank robbery.

Mr Chapman planted a snooping program on the computer of presenter Sue
Nelson and used the information it gathered to assume her online
identity.

The banks say they are already beefing up security to limit the risk
to consumers and make it harder for hackers to steal passwords and
identities.

Newsnight presenter Sue Nelson set up online accounts at four banks-
Barclays, NatWest, Egg and Lloyds - to test their security.

She found that it was possible for a determined hacker to steal her
password and login details for three of the four accounts.

Password no protection

Former hacker Gary Chapman helped her show up the weaknesses in online
security by sending Ms Nelson an email message which contained a
"trojan" or hidden program.

Like the legendary wooden horse of Troy that concealed a dangerous
payload, the seemingly innocuous e-mail message contained a hidden
malicious program.

Almost any type of computer program can be used as a trojan and many
computer viruses spread themselves in this way.

But for Newsnight Mr Chapman concealed a program that logs every key-
press made on a computer's keyboard and sends it to the malicious
hacker.

When the legitimate bank account holder goes online and types in their
password the trojan sends the information to the hacker who can later
pose as the customer and steal all the money.

Key logging programs are available on the internet.

"Anyone with a GCSE in computer science could use these tools to hack
into a bank account," said Mr Chapman.

Called to account

Already malicious hackers are trying to use these techniques to
collect passwords and pillage accounts.

Earlier this month security experts warned of a variant of the Love
Bug virus which targeted those who have online accounts with Swiss
Bank.

Thankfully the badly engineered program, known as VBS/LoveLetter.bd,
seems to have failed to harvest any login details and no accounts are
believed to have been rifled.

The hardest part for hackers is getting users to open the e-mail
message containing the trojan.

Outbreaks of computer viruses have made people wary of opening
messages they are not expecting and has led many to turn off the
systems that let trojans install themselves.

Peter Sommer, a expert on computer evidence and security at the LSE,
said: "If customers want to protect themselves they have to learn
rather more about computer security and that tends to become rather
complicated."

In the wake of the revelations banks are keen to reassure customers
that their finances are in safe hands

A spokeswoman for Barclays said it was introducing new security
measures later this year which would make it harder for a trojan-type
attack to succeed.

"We have been a bank for a long time," she said, "There have always
been fraudsters and we are always working to be one step ahead of
them."