Trojan intercepts bank tokens

A newly discovered Trojan is intercepting the TAN codes used as security tokens by customers of two major German banks, Postbank and Deutsche Bank, according to anti-virus experts. Until now, TAN codes were considered to be pretty safe, in particular against phishing attacks, as these tokens are sent either through (snail) mail or by SMS.

Banks using one-time-passwords have also been targeted in Spain and the UK by MetaFisher, otherwise known as Spy-Agent and PWS. After infecting a computer, the Trojan horse waits until the user visits a legitimate bank website, then injects malicious HTML into certain fields there. The program then hijacks one-time-use PINs and transaction numbers as the person enters them into the fields.

"TAN codes have been used for years, particularly by German banks," said John Brand, MD of authentication company identrica. "Over the past few months we’ve seen various reports of man-in-the-middle attacks, and now this Trojan. It looks as if the banks may need to look at stronger alternatives."

identrica provides robust, two-factor authentication which defeats Trojans and phishing attacks using mobile phones as physical 'tokens'. The system does not use one-time-passwords. "Because identrica uses telephone signalling data, it’s ‘out of band’ which makes things much more difficult for man-in-the-middle attackers," says Brand.
