Tuesday, November 8, 2011

Crimeware threats

Phil Mellinger's article published in today's ComputerWorld (Nov 4, 2011), titled 'A Short History of Crimeware', points to the widespread proliferation of crimeware today. Crimeware is defined as 'the class of malware, specifically designed to automate large-scale financial crime'. Crimeware undermines today's technologies and sets at naught the concepts of privacy, anonymity and security, surpassing an 'Orwellian world'.

Crimeware, which includes financial malware, stealth malware and banking trojans, traces its origins to 2003 and defeats the traditional internet defenses of SSL encryption, anti-virus and two-factor authentication. Attack tools such as Zeus and SpyEye collect highly sensitive authentication and financial data. Online banking accounts are especially targeted. Variants of the crimeware are easily created and propagated to infect PCs.

Crimeware Technologies:
Crimeware relies on botnet controllers, sophisticated trojans and data collection technologies.
Some of the major advances since 2003 are listed:
1. Form grabbing within IE browsers, leading to harvesting of banking credentials. This led the FFIEC in 2005 to recommend two-factor authentication for online bank accounts. Form grabbing is an advance over keystroke logging techniques for stealing credentials.
2. Stealth, anti-detection and anti-forensics technologies, preventing detection by signature-based anti-virus or behavior-based (IDS/IPS) techniques.
3. Web injects (man-in-the-browser) for PCs running IE/Windows, defeating two-factor authentication: criminals take over authenticated connections within compromised PCs, subverting key-entry based authentication techniques and enabling crimeware to control the user's connection to the bank.
4. Crimeware expanding to other browsers and operating systems (Chrome, Firefox, Opera, Safari and Apple OS X).
5. Source code availability for Zeus and SpyEye.
6. Disabling/circumventing anti-crimeware, i.e. disabling anti-malware products.
7. Mobile device support (man-in-the-mobile), subverting the mobile devices banks use to validate online banking transactions with customers. Man-in-the-mobile attacks covertly validate the transaction without the user's awareness.
8. Anti-removal or persistence.

It is all a question of trust in cyberspace.
As Phil Mellinger says, 'crimeware is devastating our security, our privacy and our anonymity. It has jumped across browsers, operating systems, and even devices, to endanger current technologies.' He says that we are entering a new phase of security.


Further details at:
http://www.computerworld.com/s/article/9221499/A_short_history_of_crimeware

-Joseph Ponnoly

