How SSL-evading Trojans work

Trusted code, back-end defenses are the best ways to fight back

By Roger A. Grimes
May 01, 2006

Talkback

E-mail

Printer Friendly

Reprints

SSL-evading Trojans bypass the secure and authenticated tunnel mechanisms that are the safety backbone of today’s Internet banking and financial institutions. As with any Trojan, this type can do anything allowed by the user’s security permissions.

Return to special report

DOWNLOAD PDF

Click here to download InfoWorld's special report When SSL isn't safe

There are three basic flavors of SSL-evading Trojan: credential-stealing, bogus SSL, and transaction-based.

The credential-stealing variety is similar to the conventional password-stealing Trojan but with a twist. Rather than simply capture logon keystrokes and forward them to an attacker, these Trojans can also subvert such authentication methods as on-screen keyboards with random key placement, requests for random letters from a user’s “magic word,” or reselection of a previously selected graphic. They do this by taking small snapshots of the screen when the user clicks in previously located authentication areas. The pictures are collected, zipped, and then sent back to the malicious hacker.

Bogus SSL Trojans offer up fake local Web pages in place of a bank’s real Web site. When the Trojan installs itself, it searches the browser cache for bank and financial Web site pages and generates fake local pages. Then, when the user visits a real bank site, the Trojan intercepts the log-on and redirects it to the locally, bogus copy. The Trojan sends the credentials typed by the user to both the real bank and to the malicious hacker.

Transaction-based SSL-evading Trojans are the most dangerous and sophisticated. They wait until the user has successfully authenticated at the bank’s Web site, eliminating the need to bypass or capture authentication information. The Trojan then manipulates the underlying transaction, so that what the user thinks is happening is different from what’s actually transpiring on the site’s servers.

The Win32.Grams E-gold Trojan, spawned in November 2004, is a prime example of transaction-based type. When the user successfully authenticates, the Trojan opens a hidden browser window, reads the user’s account balance, and creates another hidden window that initiates a secret transfer. The user’s account balance, minus a small amount (to bypass any automatic warnings), is then sent to a predefined payee.

Many SSL-evading Trojans are “one-offs,” meaning that they are encrypted or packaged so that each Trojan is unique -- defeating signature-style detection by anti-virus software.

Ultimately, SSL-evading Trojans can be defeated only when users stop running untrusted code -- or better still, when banks deploy back-end defensive mechanisms that move beyond mere authentication protection.

Roger A. Grimes is contributing editor of the InfoWorld Test Center.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

>> Talkback: Have your say

SLM AND BSM: THE FUTURE OF IT MANAGEMENT. ARE YOU READY?
Driven by globalization and competition, businesses increasingly look to IT to enable them to quickly adapt to changing business conditions, speed the delivery of products and services, and automate processes, all at lower costs. Additionally, service quality and positive customer experiences are also top priorities. The only way to meet these expectations is to cohesively manage IT-across the enterprise-from a business service point-of-view.

» Click here to view this Webcast

The Path to Enterprise Security
This is your comprehensive guide to Enterprise Security. In it you'll find solutions to the most pressing security threats facing you and your company. Learn the latest on insider threats and how to effectively minimize risk within your organization. Sponsored by Nokia

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

The Costs and Impacts of DNS and IP Address Management - Computerworld Report- Large Enterprises Pay Much More for IPAM As networks grow, IP address management costs (per IP address...
AT&T Article: Reinventing the Telephone with VoIP - After weighing Internet telephony's costs against its benefits, some managers are deciding that VoIP is vital to their organizations...
New from AT&T: Fixed-Mobile Convergence for High Performance - The newest fixed-mobile convergence (FMC) strategies could enable enterprises to increase the productivity and effectiveness...
IP Address Management Solutions White Paper - Infoblox IP Address Management Solutions Brief IP address management (IPAM) provides the ability to effectively manage, ...
Delivering Actionable Enterprise Architecture - Enterprise Architecture (EA) provides the crucial capability for aligning business and IT. By developing architecture-driven...
An AT&T White Paper: Enterprise IPTV Solution - Discover two components of a solution that allows you to produce and broadcast video to internal and external audiences:...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

How SSL-evading Trojans work

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! AT&T - The Top 10 Best Practices for Server Virtualization Planning ISC2 - Network Security Solutions Guide Infoblox - The Costs and Impacts of DNS and IP Address Management AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture AT&T - AT&T Business Continuity Survey on Risk Management AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - AT&T Article: Reinventing the Telephone with VoIP HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager Rackspace - The True Value of a Hosting Provider HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report AT&T - Machines That Speak: The Machine-to-Machine Wireless Network Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives InterSystems - Development, integration, BPM, and BAM together in Ensemble AMD - The Future is Fusion. Only from AMD. Learn more. Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! Villanova University - Increase Your Educational Bandwidth While Saving up to $945!		Zenprise - How to Manage BlackBerry on a Tight Budget Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Dell Equallogic - Comprehensive Data Protection and Disaster Recovery Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. AT&T - Securing the Converged Enterprise I AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution AT&T - An AT&T Article: When Content is King AT&T - Maximizing Mobility in Communications AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out Oracle - Nucleus Report: Who's ready for SMB? Adobe - Delivering On The Promise Of eLearning MKS - Get Power and Simplicity of UNIX while working in Windows Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist