May 2, 2006
New Tactics of SSL Evading Trojans
ComputerWorld has a scary article about the strategies being utilized by some of the more advanced trojans to bypass SSL and even the most advanced authentication. Among the strategies they are using:
- Stealing passwords via keystroke loggers, plus taking screenshots of secondary authentication mechanisms like on-screen keyboards.
- Creating a man-in-the-middle site on the user's own computer and using that to harvest credentials, while still proxying them on to the real site.
- And, my favorite, using the existing authenticated channel to the bank:
The Trojan then manipulates the underlying transaction, so that what the user thinks is happening is different from what’s actually transpiring on the site’s servers…When the user successfully authenticates, the Trojan opens a hidden browser window, reads the user’s account balance, and creates another hidden window that initiates a secret transfer.
I may be transferring all my money to First National Bank of the Mattress soon.



