Bypassing malware detection mechanisms in online banking.

Online banking applications are particularly exposed to malware attacks. To minimize losses, banks have started investing in malware detection mechanisms that do not run as programs on the client machine but instead run either server-side or as JavaScript in the at-risk web application. They do not prevent users from installing malware; rather, they detect malware that is already installed.

We have tested many solutions that fit into Gartner's "Web Fraud Detection" group and use different detection methods, such as behavioral patterns, web inject signatures, or user input analysis. Our research points out clearly: even "100% malware-proof solutions" have serious implementation errors. It is only a matter of time before malware creators start aiming their guns at these vulnerabilities, effectively bypassing or abusing costly countermeasures. Is it a road to failure, or can we improve them?

We have examples of vulnerabilities in software from the Magic Quadrant, as well as in local anti-malware solutions sold to Polish banks. The presentation concentrates mainly on risks in the banking industry and on malware that steals money.

Presentation language: English