Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Trojan attacks two-factor internet banking authentication systems.

Tier-3 : 30 January, 2008  (Technical Article)
Silentbanker Trojan creates man-in-the-middle intermediary to intercept and decode internet banking two-factor authorisation codes.
Tier-3, the behavioural analysis IT security specialist, says that a new Trojan, spotted in various forms by Symantec in recent weeks, now poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers.

'Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone,' said Geoff Sweeney, CTO of Tier-3.


'This new Trojan, Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man- in-the-middle type attack during an e-banking session. This effectively counters the protection afforded users by the two-factor authentication technology,' he added.

The good news, says Sweeney, is that provided users keep their IT security software up to date, the software should spot the Trojan as it attempts to infect the users' PC.

'The danger is that hackers will develop several variations on a theme with this and other Trojans, generating the Trojan equivalent of a series of zero-day attacks. At that point, the efficacy of conventional security software starts to wane,' he explained.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo