February 09, 2004

e-gold targeted by worm

News reports from a couple of weeks back indicate that a worm called Dumaru-Y installs a keylogger that listens for e-gold password and account numbers.

ZDNet .. VNUNet .. TechTarget

This is significant in that this might be the first time that viruses are specifically targetting the DGCs with an attack on the user's dynamic activity. (MiMail just recently targeted both e-gold and Paypal users with more conventional spoofs.)

e-gold is a special favourite with scammers and thieves for three reasons: its payments are RTGS, there is a deep market in independent exchange, and e-gold won't provide much help unless with a court order. Also, it is by volume of transactions by far the largest, which provides cover for theft.

This has been thought about for a long time. In fact, one issuer of gold, eBullion, has had a hardware password token in place for a long time. Others like Pecunix have tried to set up a subsetting password approach, where only a portion of the password is revealed every time.

European banks delivered hardware tokens routinely to thwart such threats. This may have been prudent, but it also saddled these systems with excessive costs; the price of the eBullion crypto token was thought to be too high for most users.

Using viruses is a new tactic, but not an unexpected one. As with all wars, look for an escalation of tactics, and commensurate and matching improvements in security.

Posted by iang at February 9, 2004 08:57 PM | TrackBack

I've been reporting e-gold worms since June [on http://www.goldeconomy.com/]. Dumar-Y is not the first. It is about the sixth. However it does appear that there is now a financial incentive to develop these worms and viruses, which means that like SPAM, we are going to be seeing a lot more of them in the near future.

Posted by: Ken Griffith at February 11, 2004 04:57 PM