"Man in the Browser" Attack Automates Bank Fraud

Trend Micro says Automatic Transfer System circumvents latest in banking security measures

News provided by

Jun 18, 2012, 08:00 ET

CUPERTINO, Calif., June 18, 2012 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, today released a threat report that identifies an Automatic Transfer System (ATS) which allows cybercriminals to breach new bank security measures and clean out a victims' bank accounts without leaving signs of criminal activity.

The report, written by Trend Micro's Senior Threat Researcher, Loucif Kharouni, discusses how the ATS tool is used in conjunction with SpyEye and ZeuS malware variants to create a "Man in the Browser (MitB)" attack. The attack does not require the criminal to be online during the victim's session and will automatically conduct a wire transfer using the victims' credentials, without alerting them.

Entitled "Automatic Transfer System, a New Cybercrime Tool" the report documents attacks that have been directed towards banks which are using enhanced security measures, such as those that impose daily account transfer limits and use two-factor authentication through SMS notifications. Banks in Germany, the United Kingdom and Italy have been targeted the most for these attacks.

"The attacks are of particular concern because they circumvent traditional and even enhanced online banking security measures," said Tom Kellermann, VP Cybersecurity, of Trend Micro. "Due to the seemingly imperceptible way that this ATS tool modifies records, endpoint solutions must be used to prevent infections from starting or to detect the threat after it has already affected a machine. Users should also update their endpoints security systems frequently to ensure they afford themselves the best chance to prevent these attacks."

The ATS tool currently only affects bank accounts where a PC running Windows is used to access bank records. Unlike previous cybercrime tools that interact with SpyEye and ZeuS, the ATS tool also does not prompt pop-up displays and will automatically perform several tasks such as checking account balances, conducting wire transfers and modifying account transactions to hide traces of the tool's presence. No banks in the United States have reported to be affected yet, but previous threats that have been linked with SpyEye and ZeuS create the possibility that the tool can be repurposed to attack banks in the United States.

About Trend Micro
Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Additional information about Trend Micro Incorporated and the products and services are available at Trend Micro.com. This Trend Micro news release and other announcements are available at http://newsroom.trendmicro.com/ and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.

SOURCE Trend Micro Incorporated