Anti-Malware Evading Keylogging Software Hits Chilean Banks

Imperva : 07 June, 2011  (Technical Article)
Imperva highlights an increase in Boy-in-the-Browser attacks that affect banking customers and are able to evade anti-malware software

Imperva warns that Boy-in-the-Browser (BitB) attacks are gaining force as they continue to evade traditional anti-malware software.


Tomer Bitton, from the Imperva Application Defence Centre, explains, “Many are familiar with Man-in-the-Browser (MitB) attacks, but most are unaware of the lesser-known Boy-in-the-Browser (BitB). Not as sophisticated as MitB, BitB malware has evolved from traditional key loggers and browser session records. The recent spate of BitB trojans that targeted Chilean banks, and their customers, demonstrates that this type of attack is gaining force and continues to evade traditional anti-malware software.”


Walking through the steps of an attack, Tomer outlines how it unfolds: “It all starts with a simple, innocent-looking phishing email that encourages the user to click a link to visit a website for more details. However, rather than then asking the user to divulge personal details – which most are now wise to – it instead tells the user that they need to download the latest version of Adobe Flash Player to view the page. Most users will be duped into believing this and will click the link.


“However, rather than receiving the latest version of Flash, they’re actually downloading malware.


“Once "installed", the flash-player Trojan writes itself to the registry, then asks the user to “Run” the programme, which allows it to survive the reboot and infects the machine. To avoid detection, the Trojan creates the new hosts file as a read-only file.”


Explaining the consequences of having infected the machine with the malware, Tomer continues, “From this point, the malware overwrites the user's file mapping of hostnames (URL) to network address (IP) mechanism. The next time the user tries to connect to a banking application, or other frequently visited URL, the Trojan instead redirects the user to a fake site controlled by the criminals, which mimics the real site. Often it is so cleverly done that the user would struggle to tell the difference. However, it is here that the credentials are stolen, or the user is duped into completing a bogus transaction.”

   © 2012 ProSecurityZone.com