Ever heard of Unicode?
It's called "Śląski", not "Slaski".
A variant of the ZeuS banking trojan is targeting mobile phone users who rely on their handsets to get enhanced, two-factor authentication from ING Bank Slaski in Poland, a security blogger said on Monday. The ZeuS man-in-the-mobile attacks appear to similar to those that hit Spain in September, researchers from antivirus …
So they get Zeus on your PC to get the online banking number and static passwords, then con you into infecting your mobile with another Zeus variant. But why bother?
As you're typing the OTP mTAN into the infected PC anyway, the extra step is pointless (and requires an additional risk that the element of social engineering alerts the user).
Bank 3/10 - poor security, which fails to understand the point of out of band security
Criminal 6/10 - potentially successful, but fail to understand they're messing up their own attack
> The ZeuS Mitmo injects a fraudulent field into webpages that prompts users for their cellphone number and the type of handset they use ..
The solution being to run your Browser off a bootable CD or readonly USB device. Seriously folks, how often do I have to keep on saying this. Yes, I know all about in memory hacks, but they are a rarity and get flushed on the next reboot.
On a related note, in the interests of security and 'compliance', the IT people here have banned the use of Linux and require the sole use of the 'compliant' Windows XP/7. At the same time the system is wide open to anyone with a wireless laptop. Thing is, I really don't understand how spying on me is going to protect me from the 'terrorists' ...
...when a ZeuS variant infects your OS such that when it creates a bootable CD or USB key, the OS contained therein is modified to already contain the ZeuS trojan.
Basically the Stuxnet approach to getting round the physical network isolation of the PLC controllers.
Yes, you could run a MD5 check (or some other hash) against the OS image, but how do you know your computer is telling you the right answer? We can't even go back to buying physical CDs as the pressing plant may have been compromised.
Biting the hand that feeds IT © 1998–2022