Anti-virus fallacies

How to read news posts

According to Süddeutsche Zeitung, criminals mounted an attack against O2-Telefonica’s subscribers, and, consequently, a number of customers saw their bank accounts drained. In the course of the attack, the hackers exploited an SS7 protocol vulnerability and intercepted two-factor authentication codes.

News about SS7 vulnerabilities has drawn considerable attention from the general public: indeed, many banks use SMS messages to confirm transactions. With criminals able to interfere with this procedure, the money transfer process can be paralysed completely, because without the confirmation SMS a money transfer can't be completed. However, in order to change a transaction amount or destination, hackers need to do more than just intercept an SMS.

The two-stage attack occurred in January 2017. During the first phase, the miscreants infected the computers they targeted with a banking Trojan that stole bank account logins and passwords, as well as mobile phone numbers, and checked user account balances.

During the second phase, the hackers logged in under the victims' accounts—often at night to reduce the probability that their actions would be discovered—and transferred money using the confirmation codes they intercepted from the SMS confirmations.

Now, let’s look at what actually happened. Criminals compromised a banking infrastructure, deployed a Trojan and performed their tasks from within the compromised network. The intercepted short messages were only necessary to confirm the transactions. Thus, it was not the intercepted messages that made the money theft possible but a trivial malware infection, and not a protocol vulnerability but a failure on the part of the anti-virus in use. Yet, news posts instead emphasise the vulnerability, omitting the actual reasons behind the attack—which must have come as a relief to those responsible for the shortcomings in their anti-virus’s defences.

Dr.Web recommends

  1. If you come across a news post of this kind, make the effort to read it to the very end. It may turn out that the headline has almost nothing to do with what actually happened.
  2. News reports of this kind benefit companies that strive to sell additional software or services. But will this help change the situation for the better? That is unlikely.
  3. Information security is not only about an anti-virus. Proper software configuration, timely updates and restricted user permissions are also important—that's what we are always writing about in the Anti-virus Times. And despite our efforts, these factors cause security problems over and over again. Re-read our past issues and you'll see that for yourself.
