The secret eavesdropper
Several years ago, phishing was the method most commonly used by criminals to get their hands on online-banking login details. Today, however, very complex malware has become the method of choice. The prevalence of malware targeted at victims’ bank accounts has grown to such a massive extent that two terms have been established to classify it: financial malware and banking trojans. The latest versions of this malware rely on a particular form of the “man in the middle” attack, the so-called “man in the browser”.
“Man in the middle” means that the communication between two partners (you and your bank, for instance) is intercepted, making it possible to eavesdrop on it and also manipulate it. In the case of “man in the browser” attacks, this is performed directly in your browser. This is why SSL encryption, which is intended to protect you from conventional “man in the middle” attacks, is ineffective.
Financial malware usually injects itself into running browser processes and thus gains full control. This means that financial malware not only knows which websites you open and exactly what you are doing on these sites – including all user details and passwords that you type in – but is also able to manipulate the website displayed, without your knowledge. This is particularly harmful to you as a victim if transfers you make are manipulated and redirected to other accounts. Even existing forms on bank websites can be subtly modified so that more than one TAN can be requested. These TANs and the copied login details enable the criminals to gain full control of your account.
The victims have little or no chance
There are a number of inter-connected reasons why attacks on online accounts are so popular. The criminals gain immediate access to an account, which leads them directly to their goal: Money. The nasty thing about all of this is that their access often remains unnoticed for a long time. There are several reasons for this:
- Lack of security software, no real-time protection or no behavior blocker
The days when opening a dubious e-mail attachment was the primary source of infection are a thing of the past. Today, it is most often vulnerabilities in commonly used applications such as the Java run-time environment, Adobe Acrobat and Flash Player or Microsoft software such as Windows or Internet Explorer that are exploited. When using outdated, un-patched software, all it takes is a visit to a specific web page to become infected. It doesn’t necessarily even have to be a shady website from the dark side of the internet. There are cases reported on a regular basis of exploits being served over advertising networks as well as popular websites such as news portals. If a computer is directly connected to the Internet, i.e. without using a router or a firewall, it is left vulnerable to direct attacks from the outside. Your computer can be infected without you ever noticing it. Free security software usually doesn’t provide essential real-time protection components. These include, for example, an effective behavioral analysis system that reliably detects new and unknown malware variants that are frequently installed via such vulnerabilities. If you only rely on weekly cleaning with free virus or malware scanners, you may as well publicly post your account details including your TAN list on Facebook.
- Even encrypted connections are not enough
Some forums and security guidelines recommend following various “Golden rules” that will ensure the security of your online transactions. One such common tip: Use encrypted connections (https as in “secure”) for online banking in particular. Unfortunately, this procedure is of no use against the latest methods such as “man in the browser” that are used by financial malware. This malware targets the browser itself directly, and encrypted connections such as SSL and TLS merely protect the transmission between your browser and your bank’s server. Imagine you are speaking on a secure telephone line: This is of little use if a spy has installed a microphone directly into your handset.
- The layout of online-banking websites is manipulated
Some financial malware variants wait for users to make transactions in order to then manipulate these in a targeted manner. You are, for instance, transferring the next month’s rent and enter your TAN. The transactions proceed as usual, but the target account number is being modified. The money will be sent to a so-called “money mule”. This is a third person who unknowingly helps the criminal to get their hands on the stolen money and therefore gets a commission. Your current account balance will be manipulated in such a way that the modified transaction remains unnoticed. When showing your current account balance, the fake target account number is again replaced by your landlord’s account number. Weeks usually go by before your landlord gives you a call. Enough time to raid your account, and it is virtually impossible to cancel the transfers.
Online-banking – the safe way!
Although it may not sound promising so far, it is, of course, possible to use online banking securely. However, we strongly recommend the use of a capable security suite such as Emsisoft Internet Security Pack. This includes Emsisoft Anti-Malware and Emsisoft Online Armor and consists of the following excellent features:
- Emsisoft Anti-Malware’s extremely powerful dual-engine scanner is updated hourly. Even many new malware outbreaks and variants can thus be detected reliably.
- Emsisoft Anti-Malware’s behavior blocker and Emsisoft Online Armor’s proactive HIPS protection features continually monitor all active programs and raise an immediate alarm as soon as a suspicious action takes place. Thus, attempts at manipulation of the browser by financial malware are detected immediately and safely blocked. Monitoring of the “hosts” file avoids attempts to redirect domains to malware-infested servers.
- Emsisoft Anti-Malware’s surf protection prevents you from accessing thousands of harmful websites. The list of malware and phishing hosts is updated every hour, meaning many dangers are averted before you even encounter them.
- Emsisoft Online Armor is aimed at experienced users and provides control over all Internet connections. If malware attempts to contact a server, e.g. to send data such as stolen TANs, you are immediately alerted and able to block it from doing so.
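The “hosts” file monitoring mentioned in the list above can be illustrated with a small check that reports every hosts entry overriding DNS for a domain you bank with. This is an added example, not Emsisoft's code; the domain `examplebank.test`, the addresses and the sample file contents are constructed placeholders.

```python
import ipaddress

# Constructed sample; on Windows the real file is
# C:\Windows\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.test  login.examplebank.test  # "updater"
0.0.0.0         ads.tracker.test
198.51.100.7    WWW.EXAMPLEBANK.TEST.
not-an-ip       broken.line
"""

WATCHED = {"examplebank.test"}  # assumption: the domains you use for banking


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every syntactically valid mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])  # accepts IPv4 and IPv6
        except ValueError:
            continue                              # malformed line, resolver ignores it
        for name in fields[1:]:                   # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED):
    """True for a watched domain or any of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def find_redirects(text, watched=WATCHED):
    """A legitimate hosts file has no reason to pin a bank's domain,
    so every entry for a watched name is reported, whatever the address."""
    return [(n, str(ip), name)
            for n, ip, name in parse_hosts(text) if is_watched(name, watched)]


if __name__ == "__main__":
    for line_no, ip, name in find_redirects(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}")
```
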
Emsisoft Anti-Malware’s superb online-banking protection has been confirmed by the independent anti-virus testing agency MRG-Effitas. In an extremely complex test, typical attack vectors of financial malware, such as several variants of Zeus, Citadel and SpyEye, were simulated.
Several methods of distribution were simulated, including downloading via Internet Explorer or by using a USB stick. In order to pass a test phase, the minimum requirement was that a tested program had to interrupt the transmission of the recorded banking data.
The appalling result: Only 4 out of 32 tested programs managed to pass all tests without any user interaction. At the forefront is Emsisoft Anti-Malware which immediately detects the execution of malware and blocks it reliably. Financial malware doesn’t even have the chance to infect your computer, let alone record your data. Read the detailed test report here.
Have a nice (malware-free) day!
Your Emsisoft Team
www.emsisoft.com