Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Financial Malware Targets French Free Service Provider

Trusteer : 26 January, 2012  (Technical Article)
Trusteer details the latest financial malware Carberp which targets on-line banking users on the Free French ISP using Man in the Browser attacks
Financial Malware Targets French Free Service Provider
Last year, Carberp emerged on the online banking fraud scene as a competitor to the dominant financial malware platforms Zeus and SpyEye. Trusteer recently discovered a configuration of Carberp that targets Free, a French broadband Internet service provider (ISP). The attack is designed to steal debit card and bank information using a Man in the Browser (MitB) attack.

Free offers an ADSL service, called Freebox, to its customers. When subscribers visit their online account page Carberp launches an HTML Injection attack after the user has logged-in. The victim is presented with a page that claims Free is having a problem processing their monthly subscription payments with the financial institution, and  requests that the user update their payment account details.

The malware then asks the user to submit their payment card number, expiration date, security code (CVV2), bank name, bank address, zip code and city. The victim is told that this information must be updated in order to make monthly payments and maintain their service.

“This latest Carberp attack is another example of fraudsters moving downstream from online banking applications to web sites that process debit and credit card payments”, said Tanya Shafir, researcher at Trusteer. “By launching MitB attacks that target customers of third party service providers, rather than the banks themselves, fraudsters can prey on the trust established between the victim and a non-financial entity like an ISP. Furthermore, most of us are extremely reliant on broadband services for work, entertainment, and shopping. When faced with the prospect of having our Internet connection turned off for not paying the monthly bill, it is easy to see how even the most security conscious users could fall prey to this type of scam.”

Fraudsters continue to demonstrate both creativity and resourcefulness in their choice of targets. As financial institutions tighten the security around their online banking applications, Trusteer expects criminals will increasingly target customers that pay for third party services on line. Stealing credit and debit card information allows them to commit low risk and high reward card not present fraud.

“The one variable that does not change whether a MitB attack targets an online banking application or an ISP account management application is the scene of the crime. In both situations, the fraud is made possible by hijacking the web session at the endpoint. Whether the target website belongs to a wireless phone company, newspaper publisher, grocery store, etc., doesn’t matter. Protecting the browser is key to defeating the next attack being dreamed up by fraudsters,” said Shafir.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo