F-Secure warns computer users of an upsurge in attacks against banking sites, targeting personal user data. These attacks use a new generation of malicious codes in a technique called “Man in the Browser”.
Historically, cyber criminals have always sought ways of stealing the personal and banking data of web users. The techniques used by these criminals have become more sophisticated in order to adapt to the growing sophistication of the security solutions. It started with software that was capable of retrieving the data typed into the computer keyboard (“keyloggers”), and then more complex mechanisms arrived on the scene, such as phishing and pharming.
Phishing uses emails that the sender disguises to look as if they come from a financial establishment. When the web user clicks on the link contained in the mail, he finds himself on a bogus site that imitates that of his bank, and which retrieves his personal banking data.
Pharming consists in automatically redirecting the web user to a false site (imitating the site of his bank) when the user wishes to visit the real site, but without the user having to click on a link of any kind, since the usurping of the address takes place at Internet level. The “Man in the Middle” technique consists in the cyber criminal pretending to be the bank’s site, intercepting the data passed by the user, and then using that data to access the real bank site to gain access to the account.
The latest technique used for these attacks is known as “Man in the Browser”. Once the PC has been infected, the malicious code is only triggered when the web user visits his online bank site. This type of malware is capable of retrieving the information (login and password) that is entered by the web user on the real web page of the bank site by intercepting the HTML code on his web browser. This personal data is then sent directly to an FTP site where the cyber criminal stores it, before selling it on to the highest bidder on other web sites used by cyber-criminals.
Security products using behavioral analysis are the best solution against such attacks, as the malicious codes are designed specifically for certain banking sites. They are not distributed en masse, unlike attacks using phishing. This restricted distribution constitutes a real challenge for security software publishers when it comes to referencing these viruses and using signature recognition.