Proceedings of the 7th Australian Information Security Management Conference
Malware extensions often attack the Windows registry by inserting DLL files in registry keys in order to attack users. The Windows registry is a core component of the Windows system which stores system preferences, user settings and installed applications. Therefore, if a malware application is installed, it can automatically launch itself at computer start-up. To effectively remove a malware extension from the Windows registry, all of the associated registry keys and values must be deleted. Another possible add-on threat could occur via the Microsoft .NET Framework Assistant, which exploits Firefox and IE on any version and cannot be uninstalled from the Firefox add-on list (except on Windows 7) unless it is removed from the Windows registry (Keizer, 2009). It is installed without user approval. However, Microsoft has released patches in the MS09-054 update to protect against the Trojan add-ons. Besides, users could still disable the add-on in Firefox by selecting Tools > Add-ons > Plugins, selecting Windows Presentation Foundation and clicking Disable.
RISK MITIGATION
Authentication security measures, such as virtual keyboards, are still vulnerable to Trojans which can perform a screen or video capture to bypass them (Ståhlberg, 2007). However, many private security companies are developing applications or tools to prevent man-in-the-browser attacks. Banks may begin to use multi-factor authentication, with separate devices being an option to provide robust defences that shield their customers from man-in-the-browser attacks. These developments are described below.
Anti-man in the browser Trojan technology
Ståhlberg (2007) described how banks and financial organisations can prevent their customers from being attacked by Trojans by monitoring for any anomalous web service access. Banks can also provide their customers with a list of passwords, as shown in Figure 3, so that they may use a random password, with each password allowed to be used only once. This makes customer authentication to an online banking system more secure.
Figure 3- A typical one-time password (OTP) scheme used by European banks (Ståhlberg, 2007, p. 2).
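
The one-time password list scheme described above, sketched as an added example (it is not code from the paper or from any bank): the server keeps only salted digests of the printed codes, asks for one randomly chosen unused entry per login, and spends a code on its first successful use. The names `issue_list` and `OtpVerifier`, the challenge-by-index step, the list size and the six-digit code length are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical names; list size and code length are assumptions.
def _digest(salt, index, code):
    # Salted keyed hash so the server record never holds the printed codes.
    return hmac.new(salt, f"{index}:{code}".encode(), hashlib.sha256).digest()


def issue_list(count=10, digits=6):
    """Return (printed, verifier): the card for the customer and the server state."""
    salt = secrets.token_bytes(16)
    printed = {i: f"{secrets.randbelow(10 ** digits):0{digits}d}"
               for i in range(1, count + 1)}
    unused = {i: _digest(salt, i, code) for i, code in printed.items()}
    return printed, OtpVerifier(salt, unused)


class OtpVerifier:
    def __init__(self, salt, unused):
        self._salt = salt
        self._unused = unused      # index -> digest of a code not yet spent
        self._pending = None       # index asked for in the current login

    def challenge(self):
        """Ask for a randomly chosen unused entry of the list."""
        if not self._unused:
            raise RuntimeError("list exhausted; issue a new one")
        self._pending = secrets.choice(sorted(self._unused))
        return self._pending

    def verify(self, index, code):
        """Accept a code once, and only for the index that was challenged."""
        if self._pending is None or index != self._pending:
            return False
        self._pending = None       # one attempt per challenge
        ok = hmac.compare_digest(self._unused[index],
                                 _digest(self._salt, index, code))
        if ok:
            del self._unused[index]    # spend the code so a replay fails
        return ok

    def remaining(self):
        return len(self._unused)
```

Single use stops a captured code from being replayed later; it does not tie the code to the details of a transaction, which is what the transaction-authentication approaches in the following subsections address.
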
TriCipher technology
The TriCipher Armored Credential System (TACS) enhances the device for client authentication to protect the initial login to web applications and the transaction authentication used to verify the authenticity of online transactions (Litan & Allan, 2006). The device enables users to extend their authentication infrastructure to implement transaction authentication without any additional hardware, software, or change in the user experience. It works by displaying the details of each transaction, which users can verify by entering their passwords and clicking the mouse.
Rapport protection technology
Rapport uses its vault technology to defeat man-in-the-browser attacks. Rapport controls communication and protects websites by blocking API calls between add-ons and the browser when an add-on tries to perform an unauthorised operation, such as reading passwords or injecting a transaction during a session (Trusteer, n.d.).
Virtual Cryptogram
This is a virtual signing technology that uses the camera in the customer’s mobile phone or a dedicated optical token. It removes the need for the awkward authenticators and time-consuming re-keying of the challenge codes or the transaction