"Man In The Browser" Attacks Increasing

A new generation of malicious code is being used in increasingly frequent attacks on banking sites. The technique is called "Man in the Browser" and involves pharming, the practice of redirecting users to a fake website that looks like the legitimate site of a bank. The cybercriminal is able to infect redirected users' PCs with code that is triggered only when the user visits the actual banking site. The user's login information is captured and sent to an FTP site for storage and eventual sale.

"With the enhancements that banks have deployed in terms of authentication security on their online banking sites, phishing attacks are becoming less and less effective and attacks of the 'Man in the Browser' are set to increase," says F-Secure's Chief Research Officer Mikko Hypponen.

The most effective tool for preventing such attacks appears to be security products that use behavioral analysis, because the malicious code is tailored to specific banks rather than mass-distributed. This new technique will prove challenging for security software publishers attempting to index threats.


One Response to “"Man In The Browser" Attacks Increasing”

  1. I’m surprised that banks don’t offer their own applications to use for online banking – for instance, a virtual machine that saves its state running something like damn small linux + a web browser. This could be packaged with qemu.

    You’d boot the virtual machine, use your banking, then when you closed it off, the virtual machine wouldn’t save changes, so it would always be the same.

    This could be distributed on read only flash memory, or even plain old CDs to avoid modifying the image.

    Good idea?

    Tutorial on how to do this on my blog.

    http://richbradshaw.wordpress.com/2007/11/27/solutions-to-%e2%80%98man-in-the-browser%e2%80%99-online-banking-security-threat/
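
The disposable-VM idea raised in the comment above, sketched with QEMU as an added example (not code from the post, the commenter or the linked tutorial): the script checks the image against a pinned SHA-256 before booting it with `-snapshot`. The image path, the pinned hash and the `QEMU` override variable are assumptions.

```shell
#!/bin/sh
# Added example: boot a live-CD image in QEMU so the session leaves no state behind.
# The image path, pinned hash and QEMU override variable are assumptions.

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# Succeed only if the image is readable and matches the pinned hash.
verify_image() {
    [ -r "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# Verify, then boot. QEMU may be overridden (hypothetical knob, used for dry runs).
launch_banking_vm() {
    if ! verify_image "$1" "$2"; then
        echo "refusing to boot: $1 does not match the pinned SHA-256" >&2
        return 1
    fi
    # -cdrom   : attach the image as read-only optical media
    # -boot d  : boot from that CD-ROM
    # -snapshot: send any disk writes to temporary files discarded at exit
    "${QEMU:-qemu-system-x86_64}" -m 512 -boot d -cdrom "$1" -snapshot
}

# Usage: sh banking-vm.sh /path/to/image.iso <pinned-sha256>
if [ "$#" -eq 2 ]; then
    launch_banking_vm "$1" "$2"
fi
```

This removes persistence inside the guest only; it assumes the host running QEMU is itself clean.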
