Friday, April 18, 2008

ID Theft

The Next Level

The folks at Symantec are concerned about Trojan.Silentbanker, and I can't blame them. This Trojan horse program performs "man-in-the-middle" attacks between users and more than 400 banks. Running on the user's computer, the Trojan monitors the use of Web sites, looking for banks it can manipulate. It reads data coming from the bank and instructions sent by the user, and modifies fields in user instructions such as the account destination of transfers.

In a recent posting on its Security Response blog, Symantec notes that Trojan.Silent-banker can even attack sites that require two-factor authentication (generally in the form of one-time password tokens). Really, this isn't surprising or even all that impressive. Once a Trojan is in the position to intercept and modify form fields, it follows that it could do so with the one-time password, which is just another form field.

This level of compromise requires a malware infection on your PC. Conventional phishing sites, which do not incorporate malware, can attempt to fool you, but they attack only one bank at a time. This particular Trojan has weakness, such as looking at specific addresses for updates, that will help to limit it.

Your best defense ( say it with me, guys) is to keep antivirus software up to date and not to run executables you get from strangers.

No comments: