This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Anti-Malware - Knowledge Base

From OWASP
Revision as of 16:28, 3 January 2012 by Gfedon (talk | contribs) (How Banking malware deals with Web Application Security)

Jump to: navigation, search

Introduction

What is Banking Malware

Protecting Banking Resources

Are your resources protected?

Enumerate the interesting targets

Define the path to the targets (Transition graphs)

Apply trust boundaries (security measures)

Define the weaknesses of the security measures adopted

Appendix A: Security Considerations about Authentication Solutions and Malware

Password

TAN (Gridcard, Scratch Card)

OTP (Time Based, Click Based)

CAP (Random Nonce, Challenge Response)

SMS Challenges

Cellphone Caller-ID

Appendix B: Banking Malware Families (Active in 2012)

Spyeye

Zeus

Carberp

Tatanga

Urlzone

References