malware and web pages

[amorielljason]

I'm probably missing the obvious here.  This forum doesn't have a lot of Symantec virus scanner software fans, and Norton/Symantec's had problems detecting the malware aimed at ACH bank accounts.  There have been a large # of infected computers in my area lately with malware that has resulted in fraudulent ACH transfers.  According to 1 article I read, 28 out of 32 virus scanning programs didn't detect a recent financial malware.

Some of the local victims had key logger viruses.  Some had malware that read the data stored in their auto-forms feature on their browsers and apparently sent that data off to the hacker who wrote the code.  Looking at some of the articles that I googled (and there really aren't very many articles out there now on malware and ACH transfers), it looks like people surfing the internet are more frequently visiting regular web sites that have been compromised / hacked and visiting that web page is resulting in malware scripts being run on the web surfer's computer.

Avoiding this malware doesn't seem to be as simple any more as simply not opening attachments from unknown senders.  What's the safe way to secure a Mac (or any computer for that matter) that's used for online banking?  Are there other key terms that I should be googling?  Has anyone seen any in-depth articles, discussions, forums on this financial malware?

Thanks.  1 article is below-

Jason

From vnunet.com 10/25/08

 An analysis into the use of financial malware has shown that despite a fall in the number of new attacks detected, criminals are still managing to beat security measures designed to stop fraud.

The study found that while discoveries of malware aimed at banks and other financial groups appears to be decreasing, this does not indicate a reduced threat. Rather the threats are increasing as malware writers are getting smarter.

advertisement

“Financial institutions around the world are seeing increasing losses from cybercrime,” wrote Roel Schouwenberg, senior anti-virus researcher atKaspersky Lab.

“Investing in better security costs a lot of money. However, this is a choice that banks clearly have to make.”

Attack vectors have changed significantly in the last year, according to Kaspersky, with far less reliance on easily blocked spam containing malware to attack code being embedded in web pages.

This is in line with other software attacks, but what differentiated the malware for finance houses is its sophistication. Traditional keylogging software is now being replaced by Trojans, that can download ever more complex spying tools.

For example, two-factor authentication for online banking, which uses a hardware token in addition to a secret password, is increasingly ineffective. This is because malware writers have perfected the tools to get around it by redirecting the user to a separate server to harvest the necessary access information in real time – the so called ‘man in the middle’ attack.

This defeats the two-factor process, but malware writers have taken the process a step further with a new ‘man in the endpoint’ attack. This eliminates the need for a separate server by conducting the entire attack on the user’s machine.

“There are several significant advantages to this approach,” Schouwenberg said.

“First, there is a direct connection with the financial organisation so there is no chance of a transaction being tagged simply because a user has logged on from an unknown IP address. Second, a man in the endpoint attack will have a better success rate than a man in the middle one if used against a system which employs complex defences.”

The situation is being aided by the increasing use of ‘money mules’, people who are recruited to act as recipients of stolen funds and pass them on in the form of e-gold or moneygram certificates to the fraudster in exchange for a 10 to 15 per cent cut.

-