Self-defense for consumers
Sadly, infection can’t be stopped merely by convincing users not to execute untrusted software. No consumer knowingly installs malicious software, and SSL-evading Trojans can easily go unnoticed by the most careful user.
One of the best defenses is simply to convince consumers to check their online balances frequently. Beyond this, consumers need to lobby financial institutions and move their accounts away from institutions that keep their heads in the sand.
Banks that require stronger authentication and transactional authorization should be rewarded. Those institutions should also encourage customers to report phishing attacks to the site’s security reporting e-mail address so that the institution can take down fake Web sites or otherwise minimize risk.
Currently, log-on-stealing Trojans are still the No. 1 threat to the banking industry, but SSL-evading Trojans that can bypass any authentication scheme are emerging as a particularly frightening challenge. They need to be dealt with now before consumer confidence in e-commerce goes into serious decline.