As an outsource security partner, BAI provides managed security, managed firewall, managed IDS, content filtering, Internet security, network security, penetration testing, and vulnerability testing.


BAI Security works with internal IT teams to provide firewall and IDS management, content filtering, custom threat alerts, Internet and network security and penetration and vulnerability testing.
Articles & Press Releases

Web Pop-Ups Stealing Banking Passwords

Customers who use a number of the top online banking sites are at risk of falling prey to a new Web-based attack that snatches user IDs and passwords for these sites.

Among the sites targeted by the attack are some owned by Citibank, Deutsche Bank and Barclays Bank.

The attack is rather complex and appears to use a known flaw in Internet Explorer (IE) to drop a Trojan horse program on vulnerable machines. The Trojan is delivered through a malicious pop-up ad that loads a file called "img1big.gif" onto the machine. The file is in fact a compressed Win32 executable that contains the Trojan and a DLL.
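The file-type mismatch described above is something a download gateway or forensic triage script can test for directly. The following is an added example, not code from the article or from BAI Security. The function names and sample bytes are constructed for illustration, and it assumes the disguised executable still begins with a standard DOS/PE header, which the article does not specify.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")  # the only two valid GIF signatures


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature inside the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> str:
    """Compare what a download claims to be (by name) with what it is."""
    claims_gif = name.lower().endswith(".gif")
    if is_pe_executable(data):
        return "block: executable disguised as image" if claims_gif else "executable"
    if claims_gif and not data.startswith(GIF_MAGICS):
        return "suspicious: not a GIF"
    return "ok"


def make_pe_stub() -> bytes:
    """Constructed sample: minimal MZ header + PE signature, not real malware."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


if __name__ == "__main__":
    samples = {  # constructed inputs; only the name img1big.gif is from the article
        "img1big.gif": make_pe_stub(),
        "logo.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00",
        "banner.gif": b"PK\x03\x04 constructed non-GIF bytes",
    }
    for name, data in samples.items():
        print(f"{name}: {classify(name, data)}")
```

The second check, a `.gif` that lacks a GIF signature, still flags the file if the executable is wrapped in some other container format.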

The DLL is installed on the PC as a BHO (Browser Helper Object), a type of DLL that normally is used to let developers control IE in certain circumstances.

When IE runs on a machine infected with the malicious BHO, the file monitors IE's activities for any HTTPS sessions with URLs that have any of a large number of banking-related strings in them.

Once IE establishes an outgoing HTTPS connection—which is secured using SSL encryption—to one of these URLs, the BHO collects all of the outbound POST or GET data before it is encrypted, according to an analysis of the attack done by researchers at The SANS Institute's Internet Storm Center. The attack affects IE 4.x and later.

The BHO then starts a separate session that encrypts the captured data and sends it to a script running on a remote Web server. The stolen information will often include users' user IDs and passwords, which are often the first things entered after starting a secure session with an online banking site.

BAI Security is protecting its Managed Security customers by blocking sessions to the Trojan-infected sites before they can distribute the Trojan inside the organization. In addition, all outbound traffic is monitored for signs of the Trojan attempting to connect and transmit confidential data outside the organization.

 


© 1995-2010 BAI Security Inc. All Rights Reserved.