Essentially, banking on a live CD prevents you from becoming susceptible to Windows viruses, while at the same time loading a fresh, non-compromised OS each time. This can almost guarantee that you online banking sessions will be secure - so long as you go directly to the bank site and don't click on a dangerous links in delivered via email, etc. It's also a no-cost option which is great for SMBs.
Mr. Krebs took the time to respond to some of the publicity surrounding his article with a follow up earlier today. He responds to some reader suggestions like using limited user accounts, and dedicated computers for online banking. These practices are well-recommended but don't necessarily work against the most popular banking trojans today - Zeus and Clampi.
As noted by Krebs, "a number of today's more advanced threats - including the Zeus Trojan, a sophisticated family of malware most commonly associated with these attacks against small businesses -- will just as happily run on a limited user account as an administrator account in Windows." He also noted that Clampi can easily propogate over a Windows network.
What I found most interesting was the discussion about the Genlabs breach which netted criminals $437,000 dollars. This was done using the Zeus (Zbot) family of malware and the forensic report done after the fact highlighted a major problem with Windows based anti-virus scanning.
"Using a Windows-based scanning tool, the drive showed no infections. However, several directory trees and files could not be accessed indicating that the tools were not able to complete a 100% analysis.
...
We built a Linux-based system to repeat selected scans and analysis on the theory that Linux would bypass possible Windows-based protocols to protect and/or hide files."
The compromised system contained two variants of the Zeus trojan, the trojan that just cost them $473,000 dollars!!!
However, this got me thinking about something I hadn't ever done before. Why not boot into Ubuntu (which I currently dual-boot, any other OS besides Windows would work) and run scans from there?
Luckily, nothing was infected. This type of scan could also easily be run from a Live CD to check for any type of bot, virus or infection.
For those of you that have read this far, apologies for the long winded article. I had wanted to comment on the use of a live CD last week and ever got a chance until now. This cheap and quick alternative could certainly save a number of small and medium size companies from huge losses at the hands of criminals.
