New Malware Attacks Target Online Banking
February 3, 2012 by UPI - United Press International, Inc.
LONDON, Feb. 2 (UPI) — Computer criminals have found a way to hack their way past the latest generation of online banking security techniques, British researchers say.
In the scheme, account holders are tricked by an offer of training in a new “upgraded security system” after being logged into the bank’s real site, after which money is moved out of their account but evidence of the theft is invisible to the user, the BBC reported Thursday.
The scam involves what has been dubbed the Man in the Browser attack, or MitB, where the malware the user has been tricked into downloading lives in their Web browser and can get between the user and the bank Web site, altering what is seen and changing details of what is being entered.
Some versions of the MitB will change payment details and amounts and can also change on-screen balances to hide its activities, experts said.
“The man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking,” said Daniel Brett of malware testing lab S21sec.
Every time a new update to the malware is released, it takes security companies a number of weeks to learn how to spot it, he said.
Online banking fraud losses totaled $27 million in the first six months of 2011, a Financial Fraud Action U.K. spokesman said.
But banks are taking action against such scams, FFA’s Mark Bowerman said.
“We’ve got intelligent fraud detection software, and it’s used to seeing how you operate your online bank account.
“Any deviations from the norm and the software is going to pick it up — that may be the type of transaction you’ve made or the amount,” he said.