Phishing Trojan horse programs are not traditional bots, but sophisticated and original pieces of malicious code. Since iDefense began tracking this technique in May 2006, attackers have quietly seeded dozens of variants into the wild to target at least 30 specific banking institutions. These attackers had intimate knowledge of each targeted bank’s Web infrastructure and built a sophisticated command-and-control system that completely automated the attacks. The authors believe that criminal organizations are using these phishing Trojans to compromise millions of bank accounts across the globe. These Phishing Trojan attacks can defeat sophisticated authentication schemes that security experts previously thought impenetrable. This document discusses mitigation techniques that work and fail in light of these new malicious code attacks. The audience will be given an overview on malicious code attacks against the financial infrastructure and an introduction to banking authentication schemes. This document also includes cyber fraud detection and mitigation strategies.
Authentication, Online Fraud, Information Security, Malicious Code, Phishing.
To return to the Volume/Number webpage, click here.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 3, Number 1, pp 9-24, DOI: 10.5769/J200801001 or http://dx.doi.org/10.5769/J200801001
Cyber Fraud Trends and Mitigation
By Richard Howard, Ralph Thomas, Jeff Burstein, and Roxanna Bradescu
To download this paper, click here