Gauss Malware in Lebanon

Gauss Malware, a white paper by Kaspersky.

http://www.securelist.com/en/blog?weblogid=208193767

BLOM Bank eBanking uses OTP (One TIme Password) which renders this malware useless. Without the second factor authentication developed by BLOM Bank, the passwords collected by Gauss are useless.

Of all the banks listed in the white-paper, BLOM Bank is the only one who uses OTP, a second factor authentication; based on something you have, rather than only on something you are.

An OTP is a One Time Password, which proves you are the person using the traditional password you have. Basically each time you want to sign in, the system sends you a unique OTP to be used in conjunction with your password. Both are required to be able to successfully login.

No OTP:
* Byblos Bank https://www.byblosonline.com/
* Bank Of Beirut https://www.bob-onlinebanking.com/onlinebankinglebanon/
* eBLF http://eblf.com/en/English-Home
* FransaBank https://ebanking.fransabank.com/
* Credit Libanaise https://creditlibanais.com.lb/myCL1/loginform.jsp

OTP:
* BLOM Bank https://eblom.blombank.com/

This is by no means an indication that your credentials are safe if you are infected with Gauss.

REMEMBER: You should always use different passwords for different sites. Sharing passwords is a BIG NO NO.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s