Security firm F-Secure has warned of an upsurge in attacks against banking sites, using a new generation of malicious codes in a technique called "Man in the Browser".Once a computer has been infected, the malicious code is only triggered when the web user visits his online bank site. This type of malware is capable of retrieving the information - such as login and password - that is entered by the web user on the real web page of the bank site by intercepting the HTML code on his web browser.
The user's personal data is then sent directly to an FTP site where the criminal stores it, before selling it on to the highest bidder on other web sites used by cyber-criminals.
"With the enhancements that banks have deployed in terms of authentication security on their online banking sites, phishing attacks are becoming less and less effective and attacks of the 'Man in the Browser' are set to increase," says Mikko Hypponen, Chief Research Officer at Helsinki, Finland-based F-Secure.
F-Secure says security products that use behavioural analysis are the most effective against Man in the Browser attacks, since the malicious codes are designed specifically for certain banking sites.
Last week, security experts reported a spike in malicious attacks against banks, specifically targeting top level financial executives at these institutions.Security firm F-Secure has warned of an upsurge in attacks against banking sites, using a new generation of malicious codes in a technique called "Man in the Browser." Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio