Slashdot Mirror


New IE Malware Captures Passwords Ahead Of SSL

Ken Treis writes "SANS Internet Storm Center is reporting on a new strain of IE Malware. This one targets bank customers, which in itself is nothing new. But the catch is in the way it does it: it installs a Browser Help Object (BHO) that can capture login information before it is encrypted, and 'watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.'."

19 of 986 comments

  1. I'm surprised by cbrocious · · Score: 5, Insightful

    that this hasn't happened earlier. Why would you fsck with SSL when you can bypass it completely?

    --
    Disconnect and self-destruct, one bullet at a time.
  2. Re:Can someone explain... by gr33nlantern · · Score: 5, Insightful

    Well, personally, I agree with you. Internet Explorer is far inferior to a lot of the other browsers out there. The thing is that it's bundled with Windows, and most people out there quite frankly aren't very computer literate, and more than 1/2 I would bet don't even know other web browsers exist. True, no? Any comments to that?

  3. Re:Coming events by Anonymous Coward · · Score: 5, Insightful

    Gee I'm glad I use FireFox on Linux!
    Except when I'm at work...

    I've got no choice at the office. So should I just stop doing online banking at work because the computers happen to use the most popular operating system and browser in the world?

    It does seem surprising that this hasn't been done before.

  4. Re:Can someone explain... by The+Fanta+Menace · · Score: 5, Insightful

    Primarily cos they just use the first thing that is in front of their face.

    One small step towards fixing this is to be involved as much as possible with all new computer installations.

    Your mum is getting a new computer? Go in there and set it up for her. Put mozilla and firefox on the desktop, show her how to use them, and remove all the IE icons. She won't know any better and you can rest easy knowing there's less chance your inheritance is going to disappear from her bank account.

    --
    -- Even if a god did exist, why the fsck should I worship it?
  5. Because it isn't so clear cut by SimianOverlord · · Score: 5, Insightful


    For the non-power user IE *IS* preferable. I came to this conclusion after trying several times to get friends and family to migrate to Firefox from Explorer. Even when I did all the grunt work, installing and setting up the browser and explained the benefits to them, they all went back to IE.

    IE has enough features for them to deal with. They don't need the fancy "bells and whistles" of Mozilla, in fact they didn't even use the extra features. IE has the Microsoft look and feel they are used to. It's free, it's preinstalled, so they get used to the feel of it from the outset and don't have to download and install, a task many find daunting. And as most of the extra functionality Firefox has over IE comes from extensions, which they can't even work out anyway, then it seems pointless for me to try to force them to use it.

    I don't blame most users for using IE. For them it is "good enough". I see a lot of snobbishness on this site, and maybe some of it is fair enough. I also see a lot of silly arguments with extrapolation from a small sample set "My sister uses Mozilla all the time now!" to big conclusions. As a scientist, I know enough not to make those errors. Anyway I just wanted to say most users don't need Firefox despite what you might read. I guess this is pretty obvious, it accounts for a fraction of 1% of browser usage after all.

    For the average user, using Mozilla is like using a 4x4 to go shopping. It is needed one time in a million, and the rest of the time it is woefully underused.

    --
    Meine Schwester ist sehr, sehr reizvoll - Nietzsche
  6. Can someone refer me to a useful BHO? by curtisk · · Score: 5, Insightful
    Anytime I hear of BHOs it's always malware/spyware/adware... so when is it used for good? Seriously....

    Stuff like the google search bar? Does that count?

    --

    Sehr geehrter Toilettenbenutzer!

  7. Re:Coming events by oGMo · · Score: 5, Insightful
    Cue the "Gee I'm glad I use FireFox on Linux" posts.

    Gee, I'm glad I use Firefox on Linux. And why the hell shouldn't I be? In addition to actually supporting standards (CSS anyone?), my decision is constantly reaffirmed by exploits such as these. Do you have a problem with that? (Actually I use Mozilla, but close enough.)

    --

    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

  8. What, exactly, is the FBI doing about this? by ryanwright · · Score: 5, Insightful

    Everyone here is likely to blame Microsoft. I'm turning my wrath against the intelligence organizations of various countries. For far too long this BS - malware, viruses, fraud sent via spam - has been mostly ignored. It seems nobody is going to jail for the Paypal scams because Paypal isn't a "real bank". Now they're targeting real banks.

    I, for one, am sick of it. Where is our FBI and what are they doing about this? If these were criminals setting up video cameras to record PIN numbers at ATMs, you can bet there would be a huge effort to track them down. Well, this is worse than that.

    --
    -Ryan, with the unoriginal sig
  9. Re:If this won't get people to switch, what will? by NanoGator · · Score: 5, Insightful

    "For crying out loud, people! How hard is it to download Firefox and switch? Especially with the new settings import wizard?"

    For crying out loud, people! Nobody even knows what Firefox is!

    Quit acting like everybody's a retard and start putting money into a Firefox ad campaign or something. Acting like a raging zealot isn't going to get people to switch.

    --
    "Derp de derp."
  10. Re:Can someone explain... by DjMd · · Score: 5, Insightful

    That's when you point her IE shortcut at Firefox...
    I mean come on... Just tell her it is the new IE.

    --
    DJMD - The fourth man - Planetary
  11. Re:Coming events by IsaacW · · Score: 5, Insightful
    So should I just stop doing online banking at work because the computers happen to use the most popular operating system and browser in the world?
    Nope, you should just be smart about your office desktop's security settings and perhaps even use the Browser Helper Object (BHO) listing tool noted in the linked article: http://www.definitivesolutions.com/bhodemon.htm. I just checked my desktop, and it wasn't infected; so I'll still do banking online and continue to be wary of security issues.
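    The BHO listing the poster describes can be reproduced without a third-party tool. The script below is an added example, not part of the original thread, the SANS diary, or BHODemon: IE loads every CLSID registered under the Browser Helper Objects key at startup, so enumerating that key and resolving each CLSID to the DLL that would be loaded in-process (where it sees form data before SSL) gives the same inventory. The registry paths are the documented BHO and COM registration locations; the Wow6432Node entries are assumed only to exist on 64-bit Windows and are skipped when absent. The Authenticode check is an added heuristic, not something the article recommends, and an unsigned or missing DLL is a reason to look closer, not proof of infection.

```powershell
# Added example (not from the original page): enumerate registered Browser
# Helper Objects and resolve each CLSID to the DLL IE would load in-process.
# Registry locations are the documented BHO / COM registration keys.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Assumed to exist only on 64-bit Windows (32-bit IE registrations).
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Places a CLSID's InprocServer32 registration may live.
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Resolve-BhoClsid {
    param([string]$Clsid)
    foreach ($root in $ClsidRoots) {
        $srvKey = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $srvKey) {
            # '(default)' is how the PowerShell registry provider exposes the
            # unnamed value; REG_EXPAND_SZ entries are expanded for us.
            $dll  = (Get-ItemProperty -Path $srvKey).'(default)'
            $name = (Get-ItemProperty -Path (Join-Path $root $Clsid)).'(default)'
            return [pscustomobject]@{ Name = $name; Dll = $dll }
        }
    }
    return $null
}

function Get-BrowserHelperObject {
    foreach ($key in $BhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $info  = Resolve-BhoClsid -Clsid $clsid
            $dll   = if ($info) { $info.Dll } else { $null }

            # Added heuristic: unsigned or missing binaries deserve a closer look.
            $sig = if ($dll -and (Test-Path $dll)) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } elseif ($dll) { 'FileMissing' } else { 'NoInprocServer32' }

            [pscustomobject]@{
                CLSID     = $clsid
                Name      = if ($info) { $info.Name } else { $null }
                Dll       = $dll
                Signature = $sig
                # NoExplorer=1 means the BHO loads only in IE, not Windows Explorer.
                NoExplorer = (Get-ItemProperty -Path $sub.PSPath -Name 'NoExplorer' `
                              -ErrorAction SilentlyContinue).NoExplorer
            }
        }
    }
}

Get-BrowserHelperObject | Format-Table -AutoSize
```

    Run it from an elevated prompt so HKLM is fully readable; a CLSID that has a BHO registration but no InprocServer32, or one whose DLL sits outside Program Files and System32 with no valid signature, is the kind of entry a tool like BHODemon would flag for manual review.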
  12. Re:usually a good idea by duslow · · Score: 5, Insightful

    What people blame Microsoft for is leaving that option on by default. Most users wouldn't even know what that means much less have the sense to uncheck it.

  13. Find a new bank by GrouchoMarx · · Score: 5, Insightful

    And if you're dumb enough to use a bank that works only with the big neon "Hack Me" sign that is IE, you get what you deserve. Find a bank that works with Mozilla or Konqueror and use those for banking instead.

    Oh yes, and be sure to tell your old bank WHY you're closing your account with them. "You're only supporting Internet Explorer as a browser, so I'm not supporting you as a bank."

    Not like they'll notice on personal accounts, but maybe if a business or three moves their accounts, they'll sit up and take notice.

    --

    --GrouchoMarx
    Card-carrying member of the EFF, FSF, and ACLU. Are you?

  14. Re:So.. by Durandal64 · · Score: 5, Insightful

    The one that asks the user if he wants to install it?

  15. Re:Coming events by Ironica · · Score: 5, Insightful

    Yeah, but the only site still forcing me to use IE is my local bank...

    1) Complain, if you haven't already... some web commerce site (can't remember which, but it was a big one) had a bug where it didn't recognize Mozilla as a sufficiently high version of Netscape. I feedbacked it, they responded with a NON-CANNED thank you within 24 hours, and it was fixed by the time I used the site again three days later.

    2) Have you tried fooling the site by sending different authentication? Mozilla can just *tell* the site it's IE. Unless they're doing something very stupid like using ActiveX, that may work just fine. (If they are using ActiveX, switch banks. Seriously.)

    --
    Don't you wish your girlfriend was a geek like me?
  16. Re:Coming events by dirvish · · Score: 5, Insightful

    What does Linux have to do with it? I use FireFox on Windows and I am still not vulnerable to this.

  17. Quit the handwringing and DO SOMETHING! by alexburke · · Score: 5, Insightful

    According to the linked article, this BHO phones the mothership located at:

    http://www.refestltd.com/cgi-bin/yes.pl

    www.refestltd.com is 66.226.64.11; the ARIN pull is below.

    I'm on the phone right now with Matt of Abacus America to get the website taken down.

    I am saddened to think that I'm the first one that's bothered to go to the trouble...

    OrgName: Abacus America Inc.
    OrgID: ABAC
    Address: 5276 Eastgate Mall
    City: San Diego
    StateProv: CA
    PostalCode: 92121
    Country: US

    NetRange: 66.226.64.0 - 66.226.95.255
    CIDR: 66.226.64.0/19
    NetName: ABAC2002A
    NetHandle: NET-66-226-64-0-1
    Parent: NET-66-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.ABAC.COM
    NameServer: NS2.ABAC.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2002-01-31
    Updated: 2003-03-27

    TechHandle: AD384-ORG-ARIN
    TechName: A Net DNS Administrator
    TechPhone: +1-858-410-6900
    TechEmail: dns@aplus.net

    OrgTechHandle: ANETS-ARIN
    OrgTechName: A Net Support
    OrgTechPhone: +1-858-410-6900
    OrgTechEmail: support@aplus.net

    # ARIN WHOIS database, last updated 2004-06-28 22:17
    # Enter ? for additional hints on searching ARIN's WHOIS database.

  18. Why people use IE by funkdid · · Score: 5, Insightful
    Odder still is that many ISPs won't support Mozilla/Firefox etc.

    For example, I used to work for Cablevision's Optimumonline service. I would sit in meetings and go on and on about how we should support, even lightly suggest our customers use Mozilla. One of the biggest avoidable call drivers in our Call Centers was people complaining of pop-ups. Another large driver was Spam. Mozilla is a great tool for handling both of those problems.

    The Higher Ups weren't interested in my ramblings. They would point out that we support IE, Netscape, Outlook Express and Outlook. They eventually came around and offered support of Safari but on a very limited basis (not that it needs anything more).

    The biggest problem that most ISPs face is uneducated consumers. Their machines get hijacked and in turn spam the world, which causes other users to complain and blame the company. These machines also eat up network resources, again causing other users to complain and blame the service. Don't forget the users that click on EVERY pop-up that comes their way, thereby infesting their machine with spyware to the point that even opening IE is near impossible. Again, this is blamed on the service.

    Granted the Mozilla family aren't really out of the "beta" phase, but I see fewer Firefox and Mozilla fixes than there are for IE. Being that Netscape and Mozilla are half-siblings (in a sense), why not support it? It's not like the support staff needs to be re-trained.

    People don't care what browser they use, they want one that is intuitive, free, and functional to their needs. I think the Mozilla branch does that. With Firefox 9.1 out today, why are people still using IE? Better yet, why aren't ISPs telling people NOT to use IE? It would save them a fortune, and a company not looking to save a fortune... should be investigated!

    --

    I boycott signatures

  19. Re:Coming events by 955301 · · Score: 5, Insightful

    You're a fool for using your office computer to do online banking. Haven't you ever heard of a keycatcher?

    Keep in mind, you cannot trust a computer which you cannot restrict physical access to. Period.

    No personal stuff on the office computer. Not because the company want it that way, but because you do, whether you know it or not.

    --
    You are checking your backups, aren't you?