This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Anti-Malware - Knowledge Base

From OWASP
Revision as of 15:32, 3 January 2012 by Gfedon (talk | contribs) (Introduction)

Jump to: navigation, search

Introduction

What is Banking Malware

How Banking malware deals with Web Application Security

Banking Attack Process

Early Stages

Attack Interactions

Details of Malware Attack Process

Silent Banking

Human Assistance

Banking Malware Families

Silent Banker

Adrenaline

Zeus

Limbo/Nethell

Torpig/Sinowal/Mebroot

Banking Provided Security Measures

Password

TAN (Gridcard, Scratch Card)

OTP (Time Based, Click Based)

CAP (Random Nonce, Challenge Response)

SMS Challenges

Cellphone Caller-ID

Threat Modeling for Banking Malware Attacks

Enumerate the interesting targets

Define the path to the targets (Transition graphs)

Apply trust boundaries (security measures)

Define the weaknesses of the security measures adopted

Security Rating

References

  • Kyplex AV Website Antivirus - Free website virus and malware scanner. The service is provided over the Internet. No installation required.