Skip to main content
Development Bank of Singapore

security

  
DBS > security > Pages > security-alerts-news.aspx  

Security Alerts & News

"POODLE" Vulnerability Information

Date: 16 October 2014 Threat Type: Security Vulnerability Alert Level: Amber Criticality: Low

Description: A vulnerability known as “POODLE” has been discovered on the SSL (Secure Sockets Layer) v3 used by Internet Explorer version 6 and below. SSL is used to establish an encrypted link between a website and a web browser (such as Internet Explorer) to keep the customer’s credentials and transactions secure. With the “POODLE” vulnerability present, an attacker will be able to take control of the customer’s SSL channel which will then allow him to steal secret information such as account details.

Who might be at risk? DBS/POSB iBanking and IDEAL websites have layered security controls such as 2FA, OTP, and mChallenge that keep online banking transactions secure. However, customers using Internet Explorer version 6 and below are still at risk of having their private information (such as web cookies, username or account details) stolen if an attacker exploits this vulnerability.

How can you protect yourself from this?

  • Customers are urged to visit the links below to download and install the latest version of popular web browsers:
  • Change your passwords regularly.
  • Do not reveal your iBanking/IDEAL username, password or token PIN to anyone.
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

DBS Phishing Site Alert

Date: 9 October 2014 Alert Level: Amber Criticality: Medium

Description: There is a DBS phishing site found on the Internet which pretends to be the DBS Internet Banking website. The website http://www.prestasibimbel.com is a phishing site posing as the DBS Internet Banking website, designed to steal customer IDs, PINs and one time passwords.

Customers are reminded to refrain from providing any confidential information. Remember,

  • Call us immediately at 1800 111 1111 (Personal Banking) if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • DBS will never ask you for your PIN number, via email or phone.
  • Always type in the URL of DBS website directly into the address bar of your browser.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

 

DBS Phishing Email Alert

Date: 6 October 2014 Alert Level: Amber Criticality: Medium

Description: An ongoing phishing campaign is targeting DBS customers. In this campaign, an email will be sent to DBS customers, informing them that an enhanced account security management system has been installed and it urges customers to activate this feature by clicking on an URL inside that email; otherwise the account will be temporarily locked.

This URL brings customers to a phishing website designed to steal customer IDs, passwords, credit card details and contact information. A sample of the phishing email and website is provided for reference below.

Customers are reminded to be exercise caution when receiving suspicious emails. Remember,

  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Always type in the URL of the DBS Internet Banking website directly into the address bar of your browser, and check that the website you are accessing is the valid DBS Internet Banking website:
    • DBS iBanking - https://internet-banking.dbs.com.sg
    • DBS iDEAL - https://ideal.dbs.com
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signature.


Sample of the Phishing Email


Sample of the Phishing Website

 

Heartbleed Vulnerability Information

Date: 14 April 2014 Alert Level: Green Criticality: Low

Description: A vulnerability known as the Heartbleed bug as been discovered on OpenSSL implementations of SSL and TLS, which is used to encrypt communications between computers and web servers. This vulnerability allows attackers to obtain secret information such as credentials from web servers.

DBS/POSB iBanking and IDEAL do not use OpenSSL and are not vulnerable to Heartbleed. We have multiple layers of security in place to protect our customers such as 2FA for online banking transactions. Protect yourself and your iBanking/IDEAL account with the following key pointers.

  • Use different usernames and passwords for your online banking accounts from other non-banking related accounts.
  • Change your passwords regularly.
  • Do not reveal your iBanking/IDEAL username, password or token PIN to anyone.
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signatures.

 

DBS Malicious Email Alert

Date: 25 March 2014 Alert Level: Amber Criticality: Low

Description: There is a malicious email campaign targeting DBS customers. The email contains “Payment Advice” as the subject and informs customers that DBS has sent them a payment advice as requested. The email has a zip file attachment which contains a malware masquerading as a PDF file.

A sample of the email is provided for reference.

Customers are reminded to be exercise caution when receiving suspicious emails. Remember,

  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Always type in the URL of the DBS Internet Banking website directly into the address bar of your browser, and check that the website you are accessing is the valid DBS Internet Banking website:
    • DBS iBanking - https://internet-banking.dbs.com.sg
    • DBS iDEAL - https://ideal.dbs.com
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signature.


Sample of the Malicious Email


 

POSB Phishing Site Alert

Date: 10 January 2014 Alert Level: Amber Criticality: Low

Description: There is a POSB phishing site found on the Internet which pretends to be the POSB Internet Banking website. The website
http://home.e-posbsg.com/index/personal/Pages/default.html is a phishing site posing as the POSB Internet Banking website, designed to steal customer IDs, Pins and one time passwords.

Customers are reminded to refrain from providing any confidential information. Remember,

  • POSB will never ask you for your PIN number, via email or phone.
  • Always type in the URL of POSB website directly into the address bar of your browser.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


 

DBS Phishing Site Alert

Date: 30 July 2013 Alert Level: Red Criticality: High

Description: An ongoing phishing campaign is targeting DBS customers. In this campaign, an email will be sent to DBS customers, informing them that the DBS internet banking system will be upgraded and that they should click on a URL inside the email. This URL brings customers to a phishing website which pretends to be the DBS Internet Banking website, designed to steal customer IDs, PINs, one time passwords and contact information. Customers may also receive a call pretending to be from DBS, and request for your iB Secure PIN or informing you of transactions that you did not perform being cancelled/stopped. The phishing websites may be using various different URLs; examples are provided below.

  • http://www.theheatstore.nl/catalog/admin/Update/index.php
  • http://96.127.154.90/~kctasman/Update/index.php
  • http://villagebeads.co.nz/Update/index.php
  • http://www.arkmodel.com/DBS/
  • http://www.swordexperts.com/DBS/

A sample of the phishing email and the phishing website are provided for reference.

Customers are reminded to refrain from providing any confidential information. Remember,

  • DBS staff will NEVER ask you for confidential information via email or phone, for example:
    • PIN or iB Secure PIN;
    • Token PIN; and
    • One Time Password or Challenge and Response Codes.
  • Always type in the URL of the DBS Internet Banking website directly into the address bar of your browser, and check that the website you are accessing is the valid DBS Internet Banking website:
    • DBS iBanking - https://internet-banking.dbs.com.sg
    • DBS iDEAL - https://ideal.dbs.com
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • Never reply to unsolicited emails.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on. It is also prudent to install the latest released anti-virus signatures and operating system/internet browser security updates.


Sample of the Phishing Email



Sample of the Phishing Website

DBS Phishing Site Alert

Date: 24 July 2013 Alert Level: Green Criticality: Low
Description: There is a DBS phishing site found on the Internet which pretends to be the DBS Internet Banking website. The website http://terceirotempo.bol.uol.com.br/img/times/Welcome.html is a phishing site posing as the DBS Internet Banking website, designed to steal customer IDs, Pins and one time passwords. The website has been removed.

Customers are reminded to refrain from providing any confidential information. Remember,
  • Always type in the URL of DBS website directly into the address bar of your browser.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.
  • DBS will never ask you for your PIN number, via email or phone.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


Malware Alert

Date: 13 Jun 2013 Alert Level: Amber Type: Zbot
Description: We have discovered a variant of Zbot malware that may affect users of the DBS Internet Banking website. This malware infects customers’ computers or devices. Once customers’ computers or devices are infected, it will show a “Security challenge” message that is not part of the DBS Internet Banking website. Here is a screenshot of what the DBS Internet Banking website will look like after a computer or device has been infected with this malware. The suspicious message is circled in red.

 
If you see any of the above messages while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected.

Customers are reminded to remain cautious when banking online:

1) DBS will never ask for "Sign 1" of the iBSecure Device during login.
2) Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
3) Read carefully the transaction details in the SMS or email alerts. Validate that the messages reflect your transaction requests. For example, check that the account number is correct.
4) Check your last login and transaction history regularly for any abnormal transactions.
5) Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
  1. Receive SMS or email for transactions that you did not perform or account number that you do not know
  2. Experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
  3. See unfamiliar banking processes/messages such as “Security challenge such as the above screenshots
6) Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
7) For more security tips, please refer to Protecting Yourself Online

Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Malware Alert

Date: 17 Apr 2013 Alert Level: Amber Type: Malware
Description: We have discovered a malware that may affect users of the DBS Internet Banking website. This malware infects customers’ workstations or devices. Once customers’ workstations/devices are infected, it is designed to steal customers’ information by altering the flow of the Internet Banking website when credit card related links have been selected. It will ask for “Card Expiry Date”, “CVV2 Code” or "Three-digit security code", “Cardholder Address”, “Cardholder ZIP”, “Cardholder Date of Birth” and “Password” claiming that credit card and card holder information needs to be verified. This step is not part of the DBS Internet Banking website. Please do not provide any of such information.

Below are screenshots of what the DBS Internet Banking website looks like after it is infected with this malware:

 
 
 
 
If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Customers are reminded to remain cautious when banking online:

1) Never provide your credit card details in iBanking as the credit card details are only required when you do online purchases.
2) Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
3) Read carefully the transaction details in the SMS or email alerts. Validate that the messages reflect your transaction requests. For example, check that the account number is correct.
4) Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
  1. receive SMS or email for transactions that you did not perform or account number that you do not know
  2. experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
  3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress", "Please wait…" or such as the above screenshots
5) Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
6) For more security tips, please refer to Protecting Yourself Online

Malware Alert

Date: 07 Mar 2013 Alert Level: Amber Malware: Zbot (Zeus)
Description: We have discovered different variants of Zbot (Zeus) malware that may affect users of the DBS Internet Banking website. This malware infects customers’ computers or devices. Once customers’ computers or devices are infected, the malware will attempt to steal customers’ information by altering the flow of the DBS Internet Banking website to steal login and authorisation credentials (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on). It will show a rotating “Please Wait…” message and ask for the customer’s user ID, PIN and iB Secure PIN repeatedly. The suspicious message is circled in red.

 
This is typically followed by this screen:
If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Customers are reminded to remain cautious when banking online:

1) DBS will never ask for "Sign 1" of the iBSecure Device during login.
2) Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
3) Read carefully the transaction details in the SMS or email alerts. Validate that the messages reflect your transaction requests. For example, check that the account number is correct.
4) Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
  1. receive SMS or email for transactions that you did not perform or account number that you do not know
  2. experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
  3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"
5) Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
6) Do not provide your card information such as card number and card PIN in the Internet Banking login page.
7) For more security tips, please refer to Protecting Yourself Online .

Malware Alert

Date: 26 February 2013 Alert Level: Amber Type: Malware
Description: We have discovered malware that may affect the legitimacy of the DBS IDEAL website. Once customers’ computers or devices are infected, the malware will attempt to steal customers’ login and authorisation credentials (Organisation ID, User ID, PIN, Security Access Code, SMS OTP and Challenge/Response) by altering the flow of logging onto the DBS IDEAL website.

It will show a rotating “Please Wait …” message that does not exist on the DBS IDEAL website.

Here is a screenshot of what the DBS IDEAL website will look like after a computer or device has been infected with this malware. The suspicious messages are circled in red.

 
 
Customers are reminded to remain cautious when banking online:

1) Do not enter the any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the log in process, you will never be asked to input a Challenge/Response.
2) Read carefully the transaction details in the SMS or email alerts. Validate that the messages reflect your transaction requests. For example, check that the account number is correct.
3) Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
4) Check your last login and transaction history regularly for any abnormal transactions.
5) Please inform our contact centre at 1800 222 2200 immediately if you encounter any of the following situations:
  1. receive SMS or email for transactions that you did not perform or account number that you do not know
  2. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"

Customers are assured that the DBS IDEAL website remains secure and is not the source of this malware.

Fake DBS Website Alert

Date: 9 February 2013 Alert Level: Green Criticality: Low
Description: There is a fake website found in the Internet which pretends to be the DBS Internet Banking website. The website http://aspectpine.co.uk/dbs/welcome.htm is a phishing website posing as the DBS Internet Banking website, designed to steal customer IDs, Pins and one time passwords.

This website has been removed. Customers are reminded to refrain from providing any confidential information. Remember,
  • DBS will never ask you for your PIN number, via email or phone.
  • Always type in the URL of DBS website directly into the address bar of your browser.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.

Malware Alerts

Date: 16 Jun 2012 Alert Level: Amber Malware: Zbot (Zeus)
Description: We have discovered malware that may affect the legitimacy of the DBS Internet Banking website. This malware infects customers’ computers or devices. Once customers’ computers or devices are infected, the malware will attempt to steal customers’ information by altering the flow of the DBS Internet Banking website to steal login and authorisation credentials (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on). It will show a rotating “Please Wait…” message and a step called “Secure Token Validation” which asks for the customer’s iB Secure PIN repeatedly – both of which do not exist on the DBS Internet Banking website. These suspicious messages are circled in red.

 
 
 
If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Customers are reminded to remain cautious when banking online:

1) Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
2) Read carefully the transaction details in the SMS or email alerts. Validate that the messages reflect your transaction requests. For example, check that the account number is correct.
3) Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
4) Do not provide your card information such as card number and card PIN in the Internet Banking login page.
5) Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
  1. receive SMS or email for transactions that you did not perform or account number that you do not know
  2. experience difficulty accessing your account after you have entered your credentials
  3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"
6) For more security tips, please refer to Protecting Yourself Online


Remedy: The following list of anti-virus software is known to be able to detect and quarantine this type of malware.
Anti-Virus Version Signature date
AhnLab-V3 Spyware/Win32.Zbot 20120628
AntiVir TR/Crypt.XPACK.Gen 20120628
Antiy-AVL Trojan/Win32.Zbot.gen 20120628
Avast Win32:Susn-AJ [Trj] 20120628
AVG PSW.Generic9.CLKR 20120628
BitDefender Trojan.Generic.KD.641912 20120628
ByteHero Virus.Win32.Heur.c 20120613
ClamAV Trojan.Zbot-22915 20120628
Commtouch W32/Zbot.FB.gen!Eldorado 20120628
Comodo TrojWare.Win32.Kryptik.AGOY 20120628
DrWeb Trojan.Inject1.4253 20120628
Emsisoft Trojan-PWS.Win32.Zbot!IK 20120628
F-Prot W32/Zbot.FB.gen!Eldorado 20120627
F-Secure Trojan.Generic.KD.641912 20120628
Fortinet W32/Zbot.UH!tr.pws 20120628
GData Trojan.Generic.KD.641912 20120628
Ikarus Trojan-PWS.Win32.Zbot 20120628
Jiangmin TrojanSpy.Zbot.axmb 20120628
K7Anti-virus Spyware 20120627
Kaspersky Trojan-Spy.Win32.Zbot.dyij 20120628
McAfee PWS-Zbot.gen.uh 20120628
McAfee-GW-Edition PWS-Zbot.gen.uh 20120628
Microsoft PWS:Win32/Zbot.gen!AF 20120628
NOD32 Win32/Spy.Zbot.AAN 20120627
Norman W32/Injector.AQSI 20120627
nProtect Trojan/W32.Agent.319968.B 20120628
Panda Generic Trojan 20120627
PCTools Trojan.Zbot 20120628
Sophos Mal/Zbot-BRU 20120628
Symantec Trojan.Zbot 20120628
TheHacker Trojan/Kryptik.agoy 20120627
TrendMicro H2_AGENT_044167.TOMB 20120628
TrendMicro-HouseCall H2_AGENT_044167.TOMB 20120628
VBA32 Trojan.Zbot.7612 20120626
VIPRE Trojan-PWS.Win32.Zbot.af.gen (v) 20120628
ViRobot Trojan.Win32.A.Zbot.319968 20120628
VirusBuster Trojan.Kryptik!87wILK2ElVg 20120627
 
Date: 30 May 2012 Alert Level: Amber Criticality: Low
Description: We have discovered different variants of Torpig (also known as Anserin or Sinowal) malware that may affect the legitimacy of the DBS Internet Banking websites. This malware infects customers’ workstations or devices. Once customers’ workstations/devices are infected, it is designed to steal customers’ information by altering the flow of the existing Internet Banking websites of Singapore banks. It will ask for “card number”, the “signature panel code” (CVV code), “expiration date” and “ATM PIN”, claiming the computer is not recognized. In general, it will attempt to steal information from the infected computers, including all found passwords. Please do not provide any of such information. Here below is a screenshot of how the DBS Internet Banking website looks like after it is infected with this malware:
If you see any of the above changes while banking online with us, your computer may likely be infected with this malware. You are advised not to proceed with any transactions until your computer has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware. Customers are reminded to remain cautious when banking online. Do not provide all your card information. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account. Protect your computer from being infected with such malware by using anti-virus software and updating it with the latest anti-virus signature. If you suspect that your computer or your bank accounts have been compromised while banking online with us, please report it to our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately.
Remedy: The following list of Anti-virus software is known to be able to detect and quarantine this type of malware.
Anti-virus Version Signature date
AhnLab-V3 Trojan/Win32.Scar 20120511
AntiVir BDS/Sinowal.nue 20120511
Antiy-AVL Trojan/win32.agent.gen 20120512
Avast Win32:Sinowal-JN [Trj] 20120512
AVG BackDoor.Generic15.ALJB 20120511
BitDefender Trojan.PWS.Sinowal.NCX 20120512
ByteHero Trojan.Win32.Heur.088 20120511
CAT-QuickHeal Backdoor.Sinowal.pzh 20120511
ClamAV - 20120512
Commtouch W32/Sinowal.AD.gen!Eldorado 20120512
Comodo TrojWare.Win32.Kryptik.SZK 20120512
DrWeb Trojan.Packed.21724 20120512
Emsisoft Trojan-PWS.Sinowal!IK 20120512
eSafe Win32.BDSSinowal.Nue 20120509
eTrust-Vet Win32/Sinowal.J!generic 20120511
F-Prot W32/Sinowal.AD.gen!Eldorado 20120511
F-Secure Trojan.PWS.Sinowal.NCX 20120512
Fortinet W32/Sinowal.BJ!tr 20120508
GData Trojan.PWS.Sinowal.NCX 20120512
Ikarus Trojan-PWS.Sinowal 20120512
Jiangmin - 20120512
K7Anti-virus Backdoor 20120511
Kaspersky Backdoor.Win32.Sinowal.pzh 20120511
McAfee Artemis!DB0BA4479277 20120512
McAfee-GW-Edition - 20120512
Microsoft PWS:Win32/Sinowal.gen!AA 20120512
NOD32 a variant of Win32/Kryptik.TEK 20120512
Norman W32/Sinowal.FSY 20120511
nProtect Trojan.PWS.Sinowal.NCX 20120511
Panda Trj/Sinowal.gen 20120511
PCTools Trojan.Anserin 20120512
Rising - 20120511
Sophos Mal/Sinowal-N 20120512
SUPERAntiSpyware - 20120512
Symantec Trojan.Anserin 20120512
TheHacker Backdoor/Sinowal.pzh 20120511
TrendMicro TROJ_GEN.R47CDDJ 20120512
TrendMicro-HouseCall TROJ_GEN.R47CDDJ 20120511
VBA32 BScope.Backdoor.Sinowal.3921 20120511
VIPRE Trojan-Dropper.Win32.Sinowal.y (v) 20120512
ViRobot - 20120512
VirusBuster Trojan.DR.Sinowal.Gen.20 20120511
 
Date: 05 Sep 2011 Alert Level: Amber Criticality: Low
Description: We have discovered different variants of Spyeye malware that may affect the legitimacy of the DBS Internet Banking websites. This malware targets Singapore Internet Banking websites which include the DBS Internet Banking website, DBS IDEAL™, DealOnline and VICKERS Online websites. It is designed to steal customers’ information by altering the “look and feel” of the existing Internet Banking websites. For instance, if the malware infects the customer's computer, the DBS Internet Banking website will look different and will ask the customer to key in his user ID, pin and one-time pin from his token all at the same time, instead of the usual login method. Here is a comparison of how the DBS Internet Banking website looks like before and after it is infected with this malware:
Another indication of the malware infection is that the internet banking website login page remains the same. However, upon login the customer will redirceted to a page that states "We are checking your security settings. Every step can take 1-10 minutes...." If you see any of the above changes while banking online with us, your computer may likely be infected with this malware. You are advised not to proceed with any transactions until your computer has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware. Customers are reminded to remain cautious when banking online. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account. Protect your computer from being infected with such malware by using an anti-virus software and updating it with the latest anti-virus signature. If you suspect that your computer or your bank accounts have been compromised while banking online with us, please report it to our contact centre at 1800 111 1111 immediately.
Remedy: The following list of Anti-virus software is known to be able to detect and quarantine this type of malware.
Anti-virus Version Signature date Virus name detected
AhnLab-V3 2011.09.04.00 2011.09.04 Spyware/Win32.Zbot
AntiVir 7.11.14.92 2011.09.04 TR/EyeStye.N.1532
Antiy-AVL 2.0.3.7 2011.09.04 Trojan/Win32.SpyEyes.gen
Avast 4.8.1351.0 2011.09.04 Win32:Malware-gen
Avast5 5.0.677.0 2011.09.04 Win32:Malware-gen
AVG 10.0.0.1190 2011.09.05 PSW.Generic9.OTZ
BitDefender 7.2 2011.09.05 Trojan.Generic.KD.337313
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.09.04 -
ClamAV 0.97.0.0 2011.09.05 -
Commtouch 5.3.2.6 2011.09.04 -
Comodo 9994 2011.09.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.09.05 Trojan.PWS.SpySweep.52
Emsisoft 5.1.0.11 2011.09.05 Trojan.Win32.Spyeye!IK
eSafe 7.0.17.0 2011.09.04 -
eTrust-Vet 7.0.17.0 2011.09.04 -
F-Prot 4.6.2.117 2011.09.04 -
F-Secure 9.0.16440.0 2011.09.04 Trojan.Generic.KD.337313
Fortinet 4.3.370.0 2011.09.04 W32/SpyEyes.MLQ!tr
GData 22 2011.09.05 Trojan.Generic.KD.337313
Ikarus T3.1.1.107.0 2011.09.05 Trojan.Win32.Spyeye
Jiangmin 13.0.900 2011.09.04 TrojanSpy.SpyEyes.eto
K7Anti-virus 9.111.5083 2011.09.02 Spyware
Kaspersky 9.0.0.837 2011.09.05 Trojan-Spy.Win32.SpyEyes.mlq
McAfee 5.400.0.1158 2011.09.05 Trojan-Spy.Win32.SpyEyes.mlq
McAfee-GW-Edition 2010.1D 2011.09.05 PWS-Zbot.gen.js
Microsoft 1.7604 2011.09.04 Trojan:Win32/EyeStye.N
NOD32 6436 2011.09.05 a variant of Win32/Kryptik.SET
Norman 6.07.11 2011.09.04 W32/Suspicious_Gen2.PPEEN
nProtect 2011-09-04.01 2011.09.04 Trojan/W32.Agent.289792.CR
Panda 10.0.3.5 2011.09.04 Trj/CI.A
PCTools 8.0.0.5 2011.09.05 Trojan.Gen
Prevx 3.0 2011.09.05 -
Rising 23.73.01.03 2011.08.30 -
Sophos 4.69.0 2011.09.04 Mal/SpyEye-U
SUPERAntiSpyware 4.40.0.1006 2011.09.04 -
Symantec 20111.2.0.82 2011.09.05 -
TheHacker 6.7.0.1.290 2011.09.03 -
TrendMicro 9.500.0.1008 2011.09.03 -
TrendMicro-HouseCall 9.500.0.1008 2011.09.05 TROJ_GEN.R3AC2HV
VBA32 3.12.16.4 2011.09.02 -
VIPRE 10374 2011.09.05 Trojan.Win32.Generic!BT
ViRobot 2011.9.3.4655 2011.09.04 -
VirusBuster 14.0.200.0 2011.09.03 -
 
Date: 4 Feb 2011 Alert Level: Green Malware: Spyeye
Description: A Spyeye malware is found to be targeting local banks in Singapore including DBS. This malicious software, which can be transmitted through compromised websites, is designed to steal private data such as user ID and pin from Internet Banking sites that the user visited. A user being asked to key in his pin and/or one-time password a few times can be an indication of Spyeye infection. Customers are reminded not to key in SMS OTP (one-time password) for transactions that they did not perform, such as adding payees or transferring funds. 
The following screenshots show how the DBS Internet Banking website differs when used in computer that is infected by this malware. Customers are also reminded to be cautious when banking online, by verifying the legitimacy of the Internet Banking website that they are using. If you suspect that your computer has been compromised while banking online with us, please report it to our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately.
DBS Internet Banking website used in a "Spyeye-infected" computer
  DBS Internet Banking website used in a “malware-free” computer

Remedy: The following list of Anti-virus software is known to be able to detect and quarantine this backdoor virus.

Anti-virus Version Signature date Virus name detected
AhnLab-V3 2011.01.27.01 2011.01.27 Spyware/Win32.SpyEyes
AntiVir 7.11.2.71 2011.02.04 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2011.01.28 Trojan/Win32.SpyEyes.gen
Avast 4.8.1351.0 2011.02.04 Win32:Malware-gen
Avast5 5.0.677.0 2011.02.04 Win32:Malware-gen
AVG 10.0.0.1190 2011.02.04 unknown virus Win32/DH.BA
BitDefender 7.2 2011.02.04 Trojan.Generic.KDV.116346
CAT-QuickHeal 11.00 2011.02.04 TrojanSpy.SpyEyes.elr
ClamAV 0.96.4.0 2011.02.04 -
Commtouch 5.2.11.5 2011.02.04 -
Comodo 7586 2011.02.04 -
DrWeb 5.0.2.03300 2011.02.04 -
Emsisoft 5.1.0.2 2011.02.04 Trojan.Win32.EyeStye!IK
eSafe 7.0.17.0 2011.02.03 Win32.TRDropper
eTrust-Vet 36.1.8140 2011.02.04 Win32/Etap
F-Prot 4.6.2.117 2011.02.01 -
F-Secure 9.0.16160.0 2011.02.04 Trojan.Generic.KDV.116346
Fortinet 4.2.254.0 2011.02.04 W32/SpyEyes.ELR!tr
GData 21 2011.02.04 Trojan.Generic.KDV.116346
Ikarus T3.1.1.97.0 2011.02.04 Trojan.Win32.EyeStye
Jiangmin 13.0.900 2011.02.04 TrojanSpy.SpyEyes.bdl
K7Anti-virus 9.81.3737 2011.02.03 -
Kaspersky 7.0.0.125 2011.02.04 Trojan-Spy.Win32.SpyEyes.elr
McAfee 5.400.0.1158 2011.02.04 PWS-Spyeye.m
McAfee-GW-Edition 2010.1C 2011.02.04 PWS-Spyeye.m
Microsoft 1.6502 2011.02.04 Trojan:Win32/EyeStye.H
NOD32 5845 2011.02.04 a variant of Win32/Spy.SpyEye.CA
Norman 6.07.03 2011.02.03 W32/Malware.QKUL
nProtect 2011-01-27.01 2011.02.02 -
Panda 10.0.3.5 2011.02.03 Trj/CI.A
PCTools 7.0.3.5 2011.02.04 Trojan-PSW.Generic
Prevx 3.0 2011.02.04 -
Rising 23.43.04.02 2011.02.04 Trojan.Win32.Generic.12779390
Sophos 4.61.0 2011.02.04 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.02.04 -
Symantec 20101.3.0.103 2011.02.04 Infostealer
TheHacker 6.7.0.1.123 2011.02.02 -
TrendMicro 9.200.0.1012 2011.02.04 TSPY_SPYEYE.SMB
TrendMicro-HouseCall 9.200.0.1012 2011.02.04 TSPY_SPYEYE.SMB
VBA32 3.12.14.3 2011.02.02 BScope.Banker.xc
VIPRE 8303 2011.02.04 Trojan.Win32.Generic!BT
ViRobot 2011.2.4.4292 2011.02.04 -
VirusBuster 13.6.180.0 2011.02.03 TrojanSpy.SpyEyes!ieTmgwiMnI4

Fake DBS Website Alerts

Date: 19 Jan 2011 Alert Level: Green Criticality: Low
Description: There is a fake website found in the Internet which pretends to be associated with DBS Bank. The website www.dbsinternetbanking.org is a scam website posing as the DBS Internet Banking site. DBS Bank assures that it is not associated with this website.
There is a possibility for this website to evolve to a phishing site, which will then attract users to provide their account information and password. Customers are reminded to refrain from accessing this website or from providing any confidential information.
Remember,
  • DBS Bank will never ask you for your PIN number, via email or phone.
  • Always type in the URL of our banking website directly into the address bar.
  • Alert us immediately, if you notice unknown transactions appearing on your account. Never reply to unsolicited emails.

Malware Alerts

Date: 2 Dec 2010 Alert Level: Green Malware: Haxdoor
Description: This backdoor virus allows hackers to gain remote access to the users computer to phish private information such as customer ID and pin from Internet Banking sites that the user visited.
Transmission Method: Haxdoor can be transmitted through CD-ROMs, memory sticks, external hard drives, email messages with attachments, internet downloads, file transfers, instant messaging channels, and the like.
Remedy: The following list of Anti-virus software is known to be able to detect, quarantine, and/or delete this backdoor virus.

Anti-virus Version Signature date Virus name detected
AhnLab-V3 2010.11.30.00 2010.11.29 Win-Trojan/Haxdor.60256
AntiVir 7.10.14.136 2010.11.29 TR/Crypt.FSPM.Gen
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 Win32:Trojan-gen
Avast5 5.0.677.0 2010.11.29 Win32:Trojan-gen
AVG 9.0.0.851 2010.11.30 unknown virus Win32/DH.BA
BitDefender 7.2 2010.11.30 Backdoor.Haxdoor.NN
CAT-QuickHeal 11.00 2010.11.30 (Suspicious) - DNAScan
ClamAV 0.96.4.0 2010.11.30 PUA.Packed.FSG
Command 5.2.11.5 2010.11.30 W32/Dropper.gen5
Comodo 6898 2010.11.30 Heur.Pck.FSG
DrWeb 5.0.2.03300 2010.11.30 BackDoor.Haxdoor.522
Emsisoft 5.0.0.50 2010.11.30 Backdoor.Win32.Haxdoor!IK
eSafe 7.0.17.0 2010.11.29 Win32.TRCrypt.Fspm
eTrust-Vet 36.1.8007 2010.11.29 Win32/Haxdoor!generic
F-Prot 4.6.2.117 2010.11.29 W32/Dropper.gen5
F-Secure 9.0.16160.0 2010.11.30 Backdoor.Haxdoor.NN
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 Backdoor.Haxdoor.NN
Ikarus T3.1.1.90.0 2010.11.30 Backdoor.Win32.Haxdoor
Jiangmin 13.0.900 2010.11.30 Backdoor/Haxdoor.mv
K7Anti-virus 9.69.3115 2010.11.29 EmailWorm
Kaspersky 7.0.0.125 2010.11.30 Backdoor.Win32.Haxdoor.lw
McAfee 5.400.0.1158 2010.11.30 Artemis!B7D0C6A4BEB0
McAfee-GW-Edition 2010.1C 2010.11.29 Heuristic.LooksLike.Win32.SuspiciousPE.C
Microsoft 1.6402 2010.11.29 TrojanDropper:Win32/Bunitu.A
NOD32 5659 2010.11.29 a variant of Win32/Haxdoor
Norman 6.06.10 2010.11.29 Suspicious_F.gen
nProtect 2010-11-29.01 2010.11.29 Backdoor.Haxdoor.NN
Panda 10.0.2.7 2010.11.29 Bck/Haxdoor.OG
PCTools 7.0.3.5 2010.11.30 Backdoor.Haxdoor
Prevx 3.0 2010.11.30 -
Rising 22.76.00.01 2010.11.30 Trojan.Spy.Win32.Undef.GEN
Sophos 4.60.0 2010.11.30 Troj/Haxdor-Gen
SUPERAntiSpyware 4.40.0.1006 2010.11.30 Trojan.Agent/Gen-FSG
Symantec 20101.2.0.161 2010.11.29 Backdoor.Haxdoor
TheHacker 6.7.0.1.093 2010.11.30 Backdoor/Haxdoor.lw
TrendMicro 9.120.0.1004 2010.11.30 TROJ_MALNTL.A
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 TROJ_MALNTL.A
VBA32 3.12.14.2 2010.11.29 Trojan-Droper.Win32.Goldun
VIPRE 7451 2010.11.30 Trojan.Win32.Generic.pak!cobra
ViRobot 2010.11.30.4176 2010.11.30 -
VirusBuster 13.6.66.0 2010.11.29 Trojan.DR.Haxdoor.Gen.4
Banking Safely - Security & You