First published: 21st November 2007
Finnish information security company F-Secure warns that a technique called "Man in the Browser" is being actively used in an upsurge of bank fraud attacks. The technique intercepts the personal data of bank customers in the browser.
The attacks that cyber-criminals use to steal the personal and bank data of internet users have grown steadily more sophisticated. The earliest method was software capable of capturing the data typed on the computer keyboard ("keyloggers"), and then more complex mechanisms arrived on the scene, such as phishing and pharming. Phishing uses emails that the sender disguises to look as if they come from a financial establishment. When the web user clicks on the link contained in the mail, he finds himself on a bogus site that invites him to log into his account. Pharming consists of automatically redirecting the web user to a false site (imitating the site of his bank) when the user wishes to visit the real site, but without the user having to click on a link of any kind, since the usurping of the address takes place at internet level. In the "Man in the Middle" technique, the cyber-criminal pretends to be the bank's site, intercepts the data passed by the user, and then uses that data on the real bank site to gain access to the account.
The latest technique used for these attacks is known as "Man in the Browser". Once the PC has been infected, the malicious code is only triggered when the web user visits his online bank site. This type of malware is capable of retrieving the information (login and password) that the web user enters on the real web page of the bank site by intercepting the HTML code in his web browser. This personal data is then sent directly to an FTP site where the cyber-criminal stores it, before selling it on to the highest bidder on other web sites used by cyber-criminals.
Security products using behavioural analysis are the best solution against such attacks, as the malicious code is designed specifically for certain banking sites. It is not distributed en masse, unlike attacks using phishing, for example. This restricted distribution constitutes a real challenge for security software publishers when it comes to referencing this malware and using signature recognition.
"With the enhancements that banks have deployed in terms of authentication security on their online banking sites, phishing attacks are becoming less and less effective, and attacks of the 'Man in the Browser' type are set to increase," says Mikko Hypponen, the Chief Research Officer at F-Secure.
F-Secure security solutions feature behavioural analysis, the dedicated F-Secure DeepGuard engine being an example of this.