Symantec Blogs: Security Response

Amado Hidalgo | May 26th, 2007

We security folks always tell you that if you want to transact online safely, you should type the address of the financial institution in the browser instead of following a link, you should enter your personal information only in trusted sites that use encryption, you need to check that the little padlock in the corner of your browser is locked, you also need to verify the digital certificate is valid and matches the site you want to visit, etc... Well, that’s not enough!

Recently we analysed a Trojan horse program (Infostealer.Banker.D) that uses some cunning creativity. Using an HTML injection technique, it is capable of fooling even those who practice the standard precautionary measures against online fraud.

When the user of an infected computer goes to the login page of certain websites, the Trojan intercepts the HTML page, checks for certain blocks of...

Amado Hidalgo | August 20th, 2006

These days it is quite common to receive bogus email alerts purporting to come from security companies, informing you about some apparent infection on your computer and telling you to install software or an update (attached to the email) to clean your computer. We have all seen them and now, most of us simply ignore them. In most cases, helpful spam filtering software makes sure we are not bothered by them.

Less frequently we see Web sites built with the sole purpose of distributing malicious code. In some cases the fraudulent sites imitate the alert pages of a legitimate security company with the hope of tricking unsuspecting users into downloading malicious code. The level of credibility of these Web sites varies, but in most cases they contain logos, colors, and other (copyrighted) branding details ripped off from the legitimate site. This makes them somewhat harder for the casual or misinformed web user to recognize as phony. In more sophisticated...