Malware Targets EBanking Security Technology

A new class of malicious software contains a feature specifically designed to thwart online security technology implemented by Bank of America and many other financial institutions that allow their customers to monitor and make changes to their accounts via the Internet.

The feature was found in a recent version of "Pinch," a widely distributed Trojan horse program that gives bad guys the ability to steal usernames and passwords from a victim's computer. Turns out, the newly detected version of Pinch also looks for and steals a special token that gets planted on the machine of anyone who banks online with a financial institution that is using Adaptive Authentication, a Web site security technology owned by RSA Security. The technology is often called "Site Key," which is Bank of America's branding of the RSA technology, and for most of this post that's how I'll refer to it. Malware Targets E-Banking Security Technology - Security Fix

Linked by shanmuga Wednesday, 19th December 2007 8:36AM