Friday, November 02, 2007

Metaphisher Malware Kit Spotted in the Wild

Such crimeware botnet C&Cs entirely encompassing of banker trojans infected PCs can depress every financial institution's PR department who often talk more about SSL as the cornerstone of secure E-banking than they should, next to forwarding the responsibility for fraud prevention to the SSL secured customers under the umbrella of a signed e-banking contract. No Anti Virus Software, no E-banking for You mindset is greatly desired to at least slow down the emergence of such banking malware botnets. When you come across something like this, you get the cyber shivers, as it's done for pure massive banking frauds in a typical malicious economies of scale fashion. Once success is anticipated in the form of infecting as many PCs as possible, methods to steamline efficiency start emerging.

As I've once pointed out, one-time-passwords in everything and two-factor authentication is marketable, yet it's not the authentication process malware authors excel at breaking as they don't even have to. They "form grab" and "session grab" efficiently in a Nuclear Grabber style, the 1.0 version of the currently emerging e-banking malware.

Another related post on FortifySoftware's blog wisely debunks the notion that online banking is safer than physical banking as an executive tried to convince them.