During the ‘morning rounds’ on the Innertube, I came across this blog entry at VirusList.com, the blogging site of the anti-virus folks at Kaspersky Lab. The entry describes a multi-stage attack by malware that is after your on-line banking information.
Stage 1 is the initial infection, which can happen in a ‘drive-by’ just by visiting a web page that hosts the malware. A program is downloaded and installed on your computer, and it reports every URL (web page address) you visit to the hacker’s web server.
Stage 2 is where the malware watches for encrypted web page traffic, such as when you visit your on-line banking site, or a shopping site as you are doing a checkout/payment. Because the malware is running on your computer, it can grab the page content inside your browser before it is encrypted (or after it is decrypted); the ‘https’ lock only protects the data on the wire, not from a program already on the endpoint. That captured content is sent to the hacker’s web server.
Stage 3 is when the hacker analyzes the captured page content and determines which bank you are using. The hacker then sends your computer a second program that intercepts your keystrokes while you use that bank’s web site.
The result: your bank login, account number, password and so on are sent back to the hacker, and identity or financial theft can follow.
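One place the Stage 1 behaviour leaves a trace is the corporate web-proxy log: an infected host makes a request to the hacker’s server right after nearly every page it visits, so that server shows up as a ‘shadow’ of the user’s browsing. The script below, which is an added example and not part of the VirusList entry or of any product, scores each client’s destinations by how often they are contacted within a few seconds of a visit to some other host. The log lines, the client addresses and the `example.com`/`example.net`/`example.org` host names are constructed for the example; the `timestamp client method url` line format and the thresholds are assumptions you would adapt to your own proxy.

```python
"""Heuristic detection of URL-beaconing spyware in web-proxy logs (added example).

Stage 1 of the malware described above reports every URL the victim visits to
the attacker's server. In proxy logs that shows up as a 'shadow' request: right
after almost every page the user loads, the same client contacts one external
host that has nothing to do with the page.
"""
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample proxy log (timestamp client method url). Not real traffic:
# 10.0.0.5 plays the infected host, 10.0.0.7 a clean host browsing the same sites.
SAMPLE_LOG = """\
2008-07-16T09:00:01 10.0.0.5 GET http://news.example.com/
2008-07-16T09:00:02 10.0.0.5 POST http://c2.example.org/u.php
2008-07-16T09:00:05 10.0.0.7 GET http://news.example.com/
2008-07-16T09:00:30 10.0.0.5 GET https://bank.example.net/login
2008-07-16T09:00:31 10.0.0.5 POST http://c2.example.org/u.php
2008-07-16T09:00:50 10.0.0.7 GET https://bank.example.net/login
2008-07-16T09:01:05 10.0.0.5 GET https://shop.example.com/cart
2008-07-16T09:01:06 10.0.0.5 POST http://c2.example.org/u.php
2008-07-16T09:01:20 10.0.0.7 GET https://shop.example.com/cart
2008-07-16T09:01:40 10.0.0.5 GET https://mail.example.com/inbox
2008-07-16T09:01:41 10.0.0.5 POST http://c2.example.org/u.php
2008-07-16T09:01:59 10.0.0.7 GET https://mail.example.com/inbox
2008-07-16T09:02:10 10.0.0.5 GET http://wiki.example.com/Main
2008-07-16T09:02:11 10.0.0.5 POST http://c2.example.org/u.php
2008-07-16T09:02:30 10.0.0.7 GET http://wiki.example.com/Main
"""


def parse_log(text):
    """Parse 'timestamp client method url' lines into (timestamp, client, host) tuples.

    The line format is an assumption for this example; real proxies differ.
    """
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split()
        records.append((datetime.fromisoformat(ts), client, urlsplit(url).hostname))
    return records


def find_beacon_hosts(text, window_seconds=5, min_visits=4, min_ratio=0.8):
    """Return {client: [(host, shadowed_visits, visits_to_other_hosts), ...]}.

    A host is reported for a client when the client contacts it within
    window_seconds after at least min_ratio of its visits to other hosts
    (and there were at least min_visits such visits). Thresholds are assumptions.
    """
    by_client = defaultdict(list)
    for ts, client, host in parse_log(text):
        by_client[client].append((ts, host))

    findings = {}
    for client, recs in by_client.items():
        recs.sort()
        # Count, per destination, how many visits to a *different* host it followed closely.
        shadowed = defaultdict(int)
        for (t_cur, h_cur), (t_next, h_next) in zip(recs, recs[1:]):
            if h_next != h_cur and (t_next - t_cur).total_seconds() <= window_seconds:
                shadowed[h_next] += 1

        hits = []
        for host, count in shadowed.items():
            others = sum(1 for _, h in recs if h != host)
            if others >= min_visits and count / others >= min_ratio:
                hits.append((host, count, others))
        if hits:
            findings[client] = sorted(hits)
    return findings


if __name__ == "__main__":
    for client, hits in find_beacon_hosts(SAMPLE_LOG).items():
        for host, count, others in hits:
            print(f"{client}: {host} contacted after {count}/{others} page visits "
                  f"(possible URL beaconing)")
```

On the constructed log this flags `c2.example.org` for 10.0.0.5 (contacted after 5 of 5 page visits) and nothing for the clean host. In real logs a shared CDN or analytics host will also ‘follow’ every page, so run this with an allow-list of known third-party services, and treat a hit as a lead for pulling the host, not as proof of infection.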
Your protection against this? An anti-virus program that can catch the download of the malicious software in stage 1, before it ever runs. Take, for instance, the electronic greeting card (‘ecard’) e-mail that’s going around: clicking the link in those messages downloads (and installs) malware, and at that point your computer is ‘owned’ by the hacker.
If you keep your anti-virus current (and your operating system and application patches current), you close off most of the ways this gets onto your machine. Add the Safe Computing Practice of not clicking on links in e-mails and you have covered the rest.
And if your computer is infected? How do you recover from that? I’ve been working on a malware-infected computer. My conclusions will be in a post over on the “Security Dawg” web site.