Hi all,
On the Finnish news site Tietoviikko, there’s an article about a rather nasty piece of malware known as Bank.Patch. If the malware gets onto a Windows computer, it sits there silently, waiting for the user to connect to a net bank. When the user connects to the bank, it modifies the user’s money transfers by changing the destination account. The malware is also able to falsify the browser’s view of the net bank, so that the user won’t see the modified account numbers. Rather nasty?
Well, how can the malware get onto a user’s computer?
This kind of malware spreads via web browser exploits. The user has a vulnerable browser and connects to a hacked web site or to a site intentionally set up by an attacker. The site then exploits the browser and installs the malware. Usually this happens silently, so the user won’t know he’s been hacked. And these attacks might penetrate firewalls: remember that it is the user who initiates a normal connection to a web site, which is usually allowed.
Well, we at Stonesoft are committed to increasing client-side security, such as protecting web browsers. The deep inspection in the StoneGate Firewall, and especially the StoneGate IPS product, is able to protect vulnerable web browsers from malicious web sites. StoneGate products are able to block a lot of browser exploits, see:

But if your computer still gets the malware, the situation HTTP_CS-Bankpatch-Trojan-Request will be triggered as the malware tries to call home for instructions. So you’ll know if you’ve been infected.
//Opi