'Man in the Browser' malware defeats banks' two-step online authentication

By Shawn Knight · 21 replies
Feb 7, 2012
Post New Reply
  1. A new breed of malware called a Man in the Browser (MitB) attack can successfully bypass a bank’s two-step online authentication process. In most cases, the victim isn't even aware…

    Read the whole story
  2. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,733   +3,705

    Wouldn't that suggest the attacker knows you and which websites you visit?
  3. This and other malware is why I don't do financial transactions online. I would think by now that banks (or someone) would come up with a live boot CD/USB that uses a hardend OS/Application to access the bank. Simply boot off the CD/USB do your transactions and then boot back into your standard OS. I think for most of us that would work as you usually don't have to access the bank on a daily basis.
  4. motrin

    motrin TS Booster Posts: 162   +15

    so does this thing track key strokes? I log in w/ on screen key board lol would I be okay??
  5. bexwhitt

    bexwhitt TS Guru Posts: 355   +73

    From what I Gather the gist is the malware puts up an extra dialogue and expects you to put in your full memorable phrase in, something your bank would never ask as it defeats the point of having the drop down input.

    So if your browser asks you to enter your memorable phrase in plain text you are probably need to not use your computer for online banking
  6. Xero07

    Xero07 TS Booster Posts: 100

    I think it probably has a list of bank urls that it attempts to match.
  7. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,718   +860

    Good info - thanks for the heads up. Just passed this article on to all my friends.
  8. Xero07 is right on the spot. When an infected computer goes to a website, the malicious code does a quick check to see if it is on a list of know bank sites. If it is, the fun begins.

    This stuff is getting very sneaky. The latest versions of these progams will actually add extra fields to the login page making it look like your bank is now asking for additional information. They typically ask for SSN, ATM PIN, and phone number. The look-and-feel of these new questions exactly matches the original prompts. Unsuspecting users will think the bank is just asking for that stuff as added protection.

    The greatest problem is that everyone keeps thinking that as long as they have anti-virus installed, nothing bad will happen to them. Anti-virus is very reactive. If a new malicious program comes out, the anti-virus may not recognize it for a long time... long after it has done damage.
  9. Betcha China has something to do with this . . . .
  10. Burned

    Burned TS Rookie

  11. treetops

    treetops TS Evangelist Posts: 2,073   +219

    Why do I think this is made by those people from my bank that call me every other day to offer account protection? No wells fargo I do not want free 3 month account protection!!!!! Iv even cursed at them they won't stop calling I am closing my bank account soon.
  12. Where do these guys get this new malware from for testing?
    If it's out there & available, surely the anti-virus packages must get updated quick smart!
  13. MrAnderson

    MrAnderson TS Maniac Posts: 488   +10

    It would have been nice to mention the usual ways the bad code has been recored to enter a system... it doen't just walk on??
  14. So basically, "Reminder, don't do banking online."

    K got it ^.^
  15. o_O
    This would cause everyone to stop using their banks from the computer in the first place!
    Heck, they would probably abandon banks that did this kind of thing.

    It might work for high security places such as military or highly secret corporations, but for consumers... forget it. Not ever going to happen, I will bet.
  16. My bank in Australia has a little toggle the size of a USB stick. It runs 6 numbers for a 4 minutes. You have to enter the numbers...the bank on the other end matches the said numbers also in the 4 minutes on your toggle. Then the numbers change. If they match the transaction goes through. The little toggle DOES NOT go into your computer. How the bank knows my toggle number is beyond me....and the crooks.
  17. Lionvibez

    Lionvibez TS Evangelist Posts: 1,268   +436

    Actually sounds similar to how an RSA token works for remote access into your companies systems.
  18. MrTomTom

    MrTomTom TS Rookie Posts: 22

    The online banking web interface I'm used to never ask my PIN (required for multi-factor auth) and certainly never will. The day it does ask my PIN I'll probably freak out and restore a clean backup.
  19. Just 2 days back I cleaned my laptop which had Zeus / ZBot, one of the first financial malwares. Normal antivirus programs dont even detect them. The malware actually blocked opening websites like malwarebytes.org which can clean them. I had to download it another pc and transfer it using USB stick and then clean it up.

    I changed the passwords for all my onine accounts including email accounts, deactivated my transaction grid and requested for new ones, rechecked my contact details in every account... the weekend was hectic. And I poured over the internet content on how to do safe online banking. The tips I found.

    1. Dont do casual browsing & online banking on the same pc/laptop. In the least use use sandbox software like sandboxie for casual browsing.
    2. If you have only one PC, use a linux based live cd to do online banking. This is by far the safest method.
    3. Zeus, spyeye etc are hard to detect (statistics is only 23% infections are detected) can even modify your account statements, transactions, balances etc on the fly in your web browser so that it takes a long time before you realize that you have been robbed. So always opt for a hard/soft copy of the statement from your bank and reconcile your statements once or twice a month.
  20. xempler

    xempler TS Rookie Posts: 24

    I find the best way to keep yourself secure is to use a old laptop or computer ONLY for online banking. Reformat it, install your anitvirus software and then don't use it for anything else. If you don't have a old computer then add a seperate hard drive to your existing computer and only connect it when you need to do your banking. It's a bit of a pain in the a** but not as much as trying to get your money back once someone cleans out your bank account or worse steals your identity
  21. amstech

    amstech IT Overlord Posts: 1,936   +1,101

    All software can be compromised, one way or another.
  22. Unfortunately, using a token or fob will not work against man-in-the-browser.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...