Friday, March 17, 2006

Brazilian bank trojans

I was impressed today when I read this story from The Register. Trojans that capture mouse clicks to defeat "screen keyboards" have been common here in Brazil for more than 2 years. Are we (Brazilian infosec people) failing to report these things to the international community?

I remember reviewing forensic information from FTP servers used by these trojans a couple of years ago. There were a lot of little images with the area that had been clicked by the user, together with txt files with typed passwords. One of those trojans was also capable of stealing private key information from the user.

These trojans are perhaps the main reason why Brazilian banks are distributing cards with passwords to be used in a "one time password"-like scheme, like this one from Banco Itaú:

