Internet banking authentication systems,
including two-factor security systems, are being
threatened by a new Trojan.
The new Trojan, spotted in various forms in recent weeks, poses
a potentially serious threat to most authentication systems being
rolled out by banks to protect their electronic customers.
"Most of the banks'
two-factor authentication systems centre around the use of a
customer-supplied password, plus a unique, one-time code generated
by an electronic token such as a SecurID unit or a user's mobile
phone," said Geoff Sweeney, CTO at security behavioural analysis
firm Tier-3.
"This new Trojan, called
Silentbanker, allows hackers intermediary access to the
information stream from the user, allowing them to create a man in
the middle type attack during an e-banking session.
"This effectively counters the protection afforded to users by
the two-factor authentication technology," he said.
Sweeney said updated security software should spot the Trojan,
but he added that modified versions of the threat could potentially
evade established security systems.