Two-factor banking security systems threatened by Trojan

Internet banking authentication systems including two-factor security systems are being threatened by a new Trojan.

Internet banking authentication systems including two-factor security systems are being threatened by a new Trojan.

The new Trojan, spotted in various forms in recent weeks, poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers.

"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO at security behavioural analysis firm Tier-3.

"This new Trojan, called Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man in the middle type attack during an e-banking session.

"This effectively counters the protection afforded to users by the two-factor authentication technology," he said.

Sweeney said updated security software should spot the Trojan, but he added that modified versions of the threat could potentially evade established security systems.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close