Smokey's Security Weblog

veritas odium parit

ING Introduces Tool for Safe E-Banking on Infected PCs

ING Direct, the nation’s largest online-only bank, said this week that it was giving away a software tool that would allow customers to bank online safely at ING, even if the user’s PC was already infected with data-stealing malicious software.

ING made the somewhat bold claim in partnering with an Israeli company named Trusteer, which offers an installable program called Rapport. Trusteer’s main invester is a man named Shlomo Kramer, co-founder of Check Point Software, the company that makes and markets the ZoneAlarm firewall products. Kramer is now CEO of Imperva, an application data protection company, which he co-founded with Mickey Boodaei, who is CEO of Trusteer.

Boodaei said Rapport creates a “secure pipe” within the user’s computer that encapsulates data as it flows to the ING Direct Web site. Boodei said the software works by assuming control over the application programming interfaces or APIs in Windows, the set of tools which allow software developers to create programs that interact with key Windows functionalities.

Some of today’s nastiest data-stealing malware works by hijacking these Windows APIs. For example, keyloggers simply hijack or “hook” the Windows API that handles the transmission of data from user interfaces, such as the keyboard and mouse. A more advanced type of malware – known as a “form grabber” – hijacks the “WinIntet” API – which sets up the SSL (think https://) transaction between the user’s browser and the encrypted Web site. By hijacking this API, a form grabber can rip out usernames and passwords even when the user is submitting them into a site that encrypts the data during transmission because it grabs that information at the lower level of the operating system, before it is encrypted.

Trusteer’s software examines these and other vital Windows APIs to see if any other process is trying to intercept sensitive data. It then blocks those that do.

Source and full article: WashingtonPost.com

Advertisements

May 24, 2008 - Posted by | Friends, Malware, News, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: