the limits of crypto and authentication

Mads Rasmussen mads at opencs.com.br
Tue Jul 12 13:06:04 EDT 2005


In Brazil there are a lot of trojans similar to the one Steven mentioned, 
almost all of them targeted at different national banks.

A while back they worked as "external pop-ups", as we named them. That is, 
they appeared on top of the browser, appearing visually like when you are 
asked for your credentials by the bank (although many times they ask for 
all your data including SSN).
Nowadays they are more advanced; we have seen trojans lately that 
close the browser and open a window just like IE and then navigate 
the bank's site inside; when it comes to entering the credentials it 
shows more fields to fill in than normal.
They often come with keyloggers too, to rob your PIN number as you enter it.
That made the banks use virtual keyboards, entering the PIN with the 
mouse on screen, to avoid entering PIN numbers via the keyboard.
Then the bad guys started using mouse loggers that capture a tiny 
square with every mouse click.

The captured data are sent via SMTP, FTP or via an HTTP POST.

The latest trick is to encrypt the captured data with AES although the 
key is fixed in the code ;-)




Steven M. Bellovin wrote:

>There's been a lot of discussion about how to strengthen cryptography 
>and authentication, to get away from problems of phishing, pharming, 
>etc.  But such approaches can take you only so far, as this link 
>indicates:
>
>http://www.lurhq.com/grams.html
>
>Briefly, it's a Trojan that waits for you to log into E-Gold, checks 
>your balance, and drains your account except for .004 grams of gold.
>  
>
-- 
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


