0x00 Preface
Inspired by a recent post about the security of online banking clients. I read the comments and realized that this topic seems to be poorly covered on Habr. Dedicated to everyone who likes to shout "What hacker would take over my computer?" and "Who would want me anyway?" What actually happens? And, most importantly, how is money siphoned from accounts? Curious? Welcome under the cut.
0x01 Malware, cunning and ruthless.
While savvy Habr users install antivirus software, Linux and other protective gear, malware authors do not sleep and improve their creations every day. Some of these creations are admirable: elegant and beautiful. And dangerous. Where previously the whole "visible" danger was only damage to software, today, thanks to the spread of MasterCard and Visa, the perpetrators' motives have shifted to the financial sector. Everyone here has already heard about the work of the legendary Zeus / Conficker and other outstanding representatives of the malware "community", but it seems people still do not understand what is actually happening. While some rely on SSL certificates and others on one-time passwords... trouble comes from where it was not expected.
With active surfing, catching malware is not difficult. It usually happens through so-called exploit packs: when a person lands on a compromised page (which may well be a page of a well-known internet resource), the browser is hit with many different attacks, the main goal of which is to drop onto the surfer's system either the malware itself or its downloader. Once the beast has settled on your system, it waits. It waits until the browser opens an online banking client. And then the fun begins.
0x02 Inside the online banking client.
The first time you visit the banking client from an infected machine, the malware reconnoitres the area. Using XSS or any other method, it loads JavaScript written specifically for this bank and uses it to gather all the information simply by walking the DOM. What is collected? Everything: the cardholder's name, the balance, all kinds of transfers to and from the account. The collected information is then sent to the attackers. After that, the malware goes back to sleep and waits for further instructions.
Further instructions arrive in the form of information processed by a human: where and how to send the money. After that, the malware starts waiting again, this time with the goal of draining your hard-earned money. In this example, consider the case of the one-time passwords everyone loves so much, which give a certain illusion of security. When the time comes to collect a one-time password, the malware gets cunning and captures the data from the form using the same malicious tricks. That is, the first password is actually diverted, and the user is shown a nice page with an authentication error message and is asked to enter a one-time password again. The second password bypasses its intended recipient, while the user lands on the banking client page, authorized with the first password. Again the malware closely monitors the user's actions, comparing the upcoming actions and the change in the balance. Suppose the balance is sufficient to make the necessary transfers. The malware waits for the user to log out of the banking client. After that, this time without any user involvement at all, it authorizes by entering the second password and, through a series of POST / GET requests, sends money to the accounts of mules. It saves the delta for adjusting the balance, along with other necessary data. And again, it waits.
When the victim visits the banking client again, the malware substitutes a nice page adjusted by the difference of the withdrawals. The victim sees that all the money is in place; the transactions made by the malware are hidden by the same JavaScript, as are all sorts of buttons like "Save my transactions to a text file" and so on, so there is no reason to panic. Meanwhile, the malware monitors whether the balance is replenished, and if it is, the scenario of emptying the electronic wallet repeats. In fact, the victim may lose the account and savings over a very considerable period of time, all the while thinking that the account is growing.
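The one-time-password trick described above leaves a trace on the bank's side: a second OTP login that arrives shortly after the user's logout, in a session that does nothing but issue transfers. The following bank-side check is an added example and not part of the original article; the event format, event names and the 30-second threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed bank-side audit events: (time, account, session, event, detail).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "ACC-1", "s1", "otp_login", ""),
    ("2024-01-10T09:03:40", "ACC-1", "s1", "view_balance", ""),
    ("2024-01-10T09:07:12", "ACC-1", "s1", "logout", ""),
    ("2024-01-10T09:07:15", "ACC-1", "s2", "otp_login", ""),
    ("2024-01-10T09:07:16", "ACC-1", "s2", "transfer", "payee=NEW-777"),
    ("2024-01-10T09:07:17", "ACC-1", "s2", "transfer", "payee=NEW-778"),
    ("2024-01-10T10:00:00", "ACC-2", "s3", "otp_login", ""),
    ("2024-01-10T10:02:30", "ACC-2", "s3", "transfer", "payee=KNOWN-1"),
    ("2024-01-10T10:05:00", "ACC-2", "s3", "logout", ""),
    ("2024-01-10T18:30:00", "ACC-2", "s4", "otp_login", ""),
    ("2024-01-10T18:33:00", "ACC-2", "s4", "transfer", "payee=KNOWN-1"),
]


def find_suspicious_sessions(events, relogin_gap=timedelta(seconds=30)):
    """Return {session: [transfer details]} for sessions that logged in with an
    OTP within relogin_gap of a logout on the same account and then issued
    transfers without any ordinary page activity first."""
    last_logout = {}      # account -> time of the most recent logout
    after_logout = set()  # sessions whose OTP login closely followed a logout
    browsed = set()       # sessions that showed ordinary (non-transfer) activity
    flagged = {}
    # ISO 8601 timestamps sort chronologically as strings.
    for ts, account, session, event, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if event == "logout":
            last_logout[account] = t
        elif event == "otp_login":
            prev = last_logout.get(account)
            if prev is not None and t - prev <= relogin_gap:
                after_logout.add(session)
        elif event == "transfer":
            if session in after_logout and session not in browsed:
                flagged.setdefault(session, []).append(detail)
        else:
            browsed.add(session)
    return flagged


if __name__ == "__main__":
    for session, transfers in find_suspicious_sessions(SAMPLE_EVENTS).items():
        print(session, transfers)
```

A hit is only a signal for review or step-up verification, since a legitimate user can also log back in quickly; the threshold needs tuning against real traffic.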
0x03 Instead of a conclusion
I deliberately did not cover all types of malware and all the ways they work with online banking clients, since there are a great many of them and describing them all makes no sense. Schemes other than those listed here also exist. This information is provided solely for informational purposes, to shed some light on "safe" online banking. I can only add that carders successfully get around almost all modern methods of protection. So keep your PC clean, be careful when using online banking clients, and do not think that nobody wants you.