[ news_security_news ]
Trojan Injects Fields Into Secure Forms
David Utter
Staff Writer
2007-05-29
 Insider Reports RSS Feed
People who do any sort of online secure access need to be aware of an even more insidious threat to them via infected machines.
A Trojan that affects PCs can inject additional fields into the HTML for secure forms, and grab the data entered there as a sneaky man in the middle attack.
Symantec researcher Amado Hidalgo said there is more to do than just typing in a URL into the browser, looking for the padlock icon, and checking it to see if it matches the website. Now people have to think a little harder about what they are entering.
The Trojan file Hidalgo referenced adds a field to a form one sees from a banking site. For example, a login form that might usually have fields for username and password places a field for ATM PIN between them. It could even be labeled as being their for security reasons.
Once the Trojan grabs the information and sends it back to the criminals responsible for the malware, the data is passed along to the legitimate site, where it logs the victim in normally. In an optimal execution, the person never realizes the man in the middle attack just took place.
Hidalgo said people should be suspicious if their destination site suddenly picks up new fields in a form that weren't present previously. "If in doubt, do not proceed and contact the institution and find out if those additional details are required," he wrote.
---
Tags: Trojan, Secure Forms, Banking, Malware
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
