NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0349 Man-In-The-Browser is New Threat to Online Banking:


F-Secure says that criminals infecting PCs with malware that is only triggered when they access their bank accounts are the latest threat to online banking. Perpetrators act as a 'man in the browser' by intercepting HTML code in the web browser. As bank security measures curb more traditional threats such as keystroke logging, phishing, and pharming, F-Secure warned, the 'man in the browser' attack will increase. Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder. The chief research officer at F-Secure says that security products using behavioral analysis were the best solution against such attacks, because the malware was only distributed to the users of specific banking sites. This meant anti-malware software vendors were unlikely to be able to quickly release code to tackle all the new threats.

(ComputerWorld 27NOV07)


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Wednesday, 23-Jan-2008 19:06:54 EST