
Pop-Up Ad Installs Program That Steals Bank Passwords

By: Identity Theft 911 IB


http://www.identitytheft911.com/education/alerts/20040630_pwd.jsp
A malicious program that installs itself on Windows computers through a pop-up ad can read keystrokes and steal passwords when victims visit any of nearly 50 online banking sites, including Citibank, Barclays Bank, and Deutsche Bank.

When a victim visits one of the targeted financial sites, the malicious program logs the keystrokes entered, then transmits the account holder's captured username, password, and other account information to identity thieves.

Financial sites typically use the browser's built-in encryption to protect login information transmitted over the Internet. However, because this program captures the sensitive information as it is keyed in — and thus before it reaches the browser — that encryption provides no protection against this exploit.

The scammers' code exploits security flaws in the Microsoft Internet Explorer web browser to install itself secretly on the victim's computer. The scammers appear to have hacked into one or more servers operated by online advertising networks in order to insert malicious code into pop-up ads.

The code downloaded via the malicious pop-up ad — which uses a .gif file extension to masquerade as an image file — actually incorporates two programs. One is a browser "helper file" that secretly intercepts usernames and passwords for the targeted sites before they reach the browser application itself. The other is a file-dropper, which installs the keystroke logger on the victim's machine by exploiting a security hole in the Microsoft Internet Explorer web browser.
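A defensive check for the masquerade described above, added here as an illustration and not taken from the original alert: it flags files whose image extension does not match their leading bytes, such as a `.gif` that begins with the `MZ` header of a Windows executable. It goes slightly beyond the `.gif` case by also covering `.jpg` and `.png`; the function names and all sample files are constructed for this example.

```python
import os
import tempfile

# Leading magic bytes expected behind each image extension.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def classify(path):
    """Return None if content matches the image extension, else a reason."""
    expected = IMAGE_MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return None  # not an image extension this check covers
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(expected):
        return None
    if head.startswith(b"MZ"):
        return "Windows executable (MZ header)"
    if head.lstrip().lower().startswith((b"<html", b"<script")):
        return "HTML or script markup"
    return "unrecognized content"

def scan(root):
    """Walk root; return {relative_path: reason} for mismatched image files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo():
    """Scan a temp directory of constructed sample files."""
    samples = {  # all bytes below are constructed for this example
        "banner.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "popup.gif": b"MZ\x90\x00\x03\x00\x00\x00",
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
        "ad.png": b"<HTML><body></body></HTML>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan(tmp)
```

Calling `scan()` on a browser cache or download directory returns only the mismatched files, which can then be quarantined or examined further.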

After the account information has been captured, the data is encrypted by a program hosted on a remote server and sent to the attackers.

Microsoft has advised users of its browser to raise security settings to high until the company is able to issue a security patch. However, a series of serious attacks — including one last week that exploited Windows and Internet Explorer flaws to install malware and steal data from visitors to leading web sites — have led the U.S. Computer Emergency Readiness Team (CERT) and other security experts to recommend that users avoid Microsoft's browser altogether.




© 1992-2012 DC2NET™, Inc. All Rights Reserved