
Difference between revisions of "OWASP Anti-Malware - Knowledge Base"

(Evaluate the Maturity of your Organization against Banking Malware)
(Banking Malware Attack Process)
Line 2: Line 2:
 
=== What is Banking Malware ===
 
=== What is Banking Malware ===
 
=== How Banking malware deals with Web Application Security ===
 
=== How Banking malware deals with Web Application Security ===
 
== Banking Malware Attack Process ==
 
The process involving Malware attack require the subsequent verification of each of the following steps to be successful. We consider an attack to be successful if the attacker obtain a financial gain from the initial client attack. The first two steps do not involve the Banking infrastrucure, while some other are tightly connected since attackers need to use the functionalities offered by the hacked online bank accounts to do cash outs.
 
 
From user infection to cash out process:
 
(Image is missing)
 
 
This is a chain of required steps. Attackers need to perform successfully each of these for turning the attack into a monetary gain. For this reason the process can be reasonably stopped at any level. As in other cases a defense in depth approach is suggested to be effective against the weakest link of each part of the attack.
 
 
Infection of User clients and pcs
 
Exploitation of client side vulnerabilities (during internet browsing)
 
Spam (Infection delivered via Email)
 
 
Hiding The Infection and creating the Permanent threat
 
Packers
 
Modded Builds
 
Rootkit (and Bootkit)
 
 
Stealing of Auth credentials
 
KeyLogging and Form Grabbing
 
Video Grabbing
 
WebInjects
 
 
Storing of Auth credentials
 
Standard Dropzone
 
Fast Flux Based Server
 
Instant Messaging and P2P network
 
 
Hiding The Operations
 
Data Tunnelling
 
Modification of Contact Details
 
User Interface Restoring
 
 
Cashing Out
 
Money Transfer
 
Mobile Phone Charge
 
Pump and Dump
 
  
 
== Protecting Banking Resources ==
 
== Protecting Banking Resources ==
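Review bot: the new "Banking Malware Attack Process" section leaves a "(Image is missing)" placeholder where the "From user infection to cash out process" figure should be; either upload the diagram or describe the chain in the text so the section stands on its own. The six stage labels ("Infection of User clients and pcs" through "Cashing Out") and their sub-items are plain paragraphs rather than the "=== ... ===" headings used elsewhere on this page, so they will not appear in the table of contents and read as one undifferentiated list. Also, in the first paragraph "The process involving Malware attack require" should read "requires", "the attacker obtain" should read "obtains", "infrastrucure" should be "infrastructure", and "some other are tightly connected" should read "the others are tightly connected".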

Revision as of 16:17, 3 January 2012

Introduction

What is Banking Malware

How Banking malware deals with Web Application Security

Protecting Banking Resources

Are your resources protected?

Enumerate the interesting targets

Define the path to the targets (Transition graphs)

Apply trust boundaries (security measures)

Define the weaknesses of the security measures adopted

Evaluate the Maturity of your Organization in this context

Appendix A: Security Considerations about Authentication Solutions and Malware

Password

TAN (Gridcard, Scratch Card)

OTP (Time Based, Click Based)

CAP (Random Nonce, Challenge Response)

SMS Challenges

Cellphone Caller-ID

Appendix B: Banking Malware Families (Active in 2012)

Spyeye

Zeus

Carberp

Tatanga

Urlzone

References