For anyone who banks online
Post by CharlieChomper on Feb 3, 2009 8:27:56 GMT
Most people here, I'm sure, have heard of "phishing" scams, where the fraudsters have used various methods (usually relying upon tried and true methods of people falling for them and sending in their personal information without realizing they're being scammed--which is known as "spear phishing") to obtain your information, including just bank account information.
This most recent method involves a new twist to it that has a number in the security community rather concerned, given its level of sophistication as well as how easy it is for potential victims to become unaware of what has happened until after the fact.
Basically, what has been happening is that some people have been keeping their browser windows open whilst banking online and then visiting other, legitimate websites (which have sometimes unknowingly been "injected" via a security vulnerability with a malicious JavaScript) which will then generate a pop-up that contains a script that remotely detects that the user is banking online and "reports" that back to the malicious site and, in turn, generates a message telling said user that supposedly their banking session has expired and asks them to log back in again--it's at that point that the malicious site collects the information and steals it from the unknowing user.
As the malware is hosted remotely and never actually infects, nor attempts to infect, the user's computer, anti-viral/security software fails to detect it and does nothing to stop or prevent it, while literally every single web browser out there contains the same exploit involving JavaScript that this particular problem takes advantage of to "trace" the bank name and generate the phony screen (the best way I can think of to describe it is to think of the browser as leaving behind footprints which the script has been specially designed to look for and spot and then exploit).
From the user's perspective, the best advice (at this time) that I can provide is to not only avoid banking online and then visiting other sites (or do so during it), but to always make a point of clearing out your cookies, cache, history, etc. when you are through. I would recommend doing this as well anytime you visit a site where a transaction of some sort may have taken place or you have had to log in to anything.