Another day, another trojan — yet not so usual

# on March 24th 2006 at 9:12 pm in Interesting Links, Security & Privacy

The Register reports on Deutsche Bank and the (Dutch) Postbank being targeted by a new piece of spyware.

This one, dubbed Trojan-Spy.Win32.Bancos.pw, reportedly intercepts HTTPS traffic and captures so-called TAN tokens. These tokens are pieces of information that should identify a bank’s real customer to finalise a banking transaction.

If an end-user infected by this piece of malware does a transaction, they are served with an error. At that moment, the bad guys have the TAN code the bank expects and can theoretically make another transaction (to their account, for instance).

Of course, if successful, one could still ‘follow the money’ to track the person to the ATM’s camera that recorded the withdrawal. That probably explains this:

The Trojan isn’t widespread yet, nor have there been any reports of victims, “but there is no doubt we are going to see more of this,” an expert warns. “It could render the use of tokens useless”.

These tokens are indeed useless — at the least pretty damn weak for a bank.

Somebody I know uses the Postbank, and the TAN tokens were on this list, received by normal mail (100 numbers). At a certain point, as added security, they didn’t ask for them in order, but randomly. Wow.

My bank uses so-called two-factor authentication: the bank’s server challenges some piece of hardware here with a number. I can only use that hardware with my valid banking card and PIN code. The hardware responds with a number and the bank’s server can see if this is correct. Of course this still leaves room for man-in-the-middle attacks, but here too one’s tracks cannot be erased and banks usually ‘undo’ the damage.
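The difference between the two schemes, as an added sketch that is not part of the original post or any bank's code: a TAN from a printed list stays valid until the bank itself receives it, while a response from the hardware only answers the one challenge it was computed for. The class names, the HMAC stand-in for the card's computation and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def token_response(card_key: bytes, challenge: str) -> str:
    # Stand-in (assumption) for the card reader: a keyed function of the challenge.
    return hmac.new(card_key, challenge.encode(), hashlib.sha256).hexdigest()[:8]

class TanListBank:
    """Printed TAN list: a TAN stays valid until the bank itself receives it."""
    def __init__(self, tans):
        self.unused = dict(enumerate(tans))
    def ask_index(self) -> int:
        return secrets.choice(list(self.unused))    # asked randomly, not in order
    def authorize(self, index: int, tan: str, transaction: str) -> bool:
        # Nothing ties the TAN to `transaction`; any unspent match is accepted.
        if self.unused.get(index) != tan:
            return False
        del self.unused[index]                      # spent only once the bank sees it
        return True

class ChallengeResponseBank:
    """Server sends a fresh number; only the response to that number is accepted."""
    def __init__(self, card_key: bytes):
        self.card_key = card_key
        self.pending = None
    def challenge(self) -> str:
        self.pending = secrets.token_hex(8)         # fresh number per transaction
        return self.pending
    def authorize(self, response: str) -> bool:
        challenge, self.pending = self.pending, None    # each challenge is single-use
        if challenge is None:
            return False
        return hmac.compare_digest(response, token_response(self.card_key, challenge))

def captured_tan_accepted_later() -> bool:
    tans = [f"{secrets.randbelow(10**6):06d}" for _ in range(100)]  # constructed list
    bank = TanListBank(tans)
    index = bank.ask_index()
    captured = tans[index]      # typed by the customer, never delivered to the bank
    return bank.authorize(index, captured, "a different transaction")

def captured_response_accepted_later() -> bool:
    key = secrets.token_bytes(16)                   # constructed card secret
    bank = ChallengeResponseBank(key)
    captured = token_response(key, bank.challenge())    # answer to the first challenge
    bank.challenge()                                # later transaction: new challenge
    return bank.authorize(captured)

if __name__ == "__main__":
    print("TAN list accepts captured value:", captured_tan_accepted_later())
    print("challenge-response accepts it:", captured_response_accepted_later())
```

The sketch only covers a value captured and presented later; it does not model the live man-in-the-middle case, which challenge-response still leaves open.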

Fraud, Phishing, Trojans, Windows

- Navaho Gunleg