"Security improvements including two factor authentication on the Webservice Provider End may not improve the security of online users from phishing attacks!"
Sydney, Australia, January 18, 2006 -- The number of Spyware/Trojans that attempt to steal user names and passwords from a compromised computer increased drastically in 2005, with more and more focusing on online banking information (see e.g. PWSteal.Bankash.G (1)). This is backed by findings of the various antivirus vendors that the trend continues to target smaller but specific groups rather than performing large-scale phishing attempts (2)(3).
This fact, together with the finding of the AOL/NCSA Online Safety Study in December 2005 (4) that a horrific 81% of home computers are lacking core protection (like antivirus or spyware protection), suggests that 2006 will be ill-fated.
"While the security improvements of the online banks are greatly appreciated, e.g. the two-factor authentication, it is becoming obvious that none of the deployed systems can be a general solution to the underlying problem. It just makes the task a bit harder for the bad guys. Bank of America's new SiteKey feature, for example, does a good job protecting against old-style phishing attempts; however, sophisticated Trojans can easily circumvent this security measure by additionally stealing the information of the corresponding cookie, which is an easy task to do!" said Alex Horst, Chief Security Architect.
Horst proceeds: "This problem will only be solved by integrating the home user's computer into the overall security chain to make sure that no malicious software is running during an online banking session. The recent Windows WMF vulnerability, the worst ever found on the Windows platform, proves that online banks and other online business providers cannot assume that the home user's computer is safe; in fact, they must assume the opposite."
Paul Pepper, Managing Director, Esendex Australia, says that "The TrustDefender Solution confirms to the user that they are genuinely connected to our site and confirms to us that the user's computer is safe and secure and conforms to our security policies."
TrustDefender will launch its Secure Policy Engine in the first quarter of 2006, with which online businesses can define and enforce security policies for the home user's computer, including only allowing specific software groups. Everything else, including possible malicious programs, will be denied by default! A live demonstration is available at http://www.trustdefender.com/movies/gap-securelockdown.htm
For a free evaluation version of TrustDefender or for more information on protecting yourself against the increasing number of internet threats, please visit http://www.trustdefender.com
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bankash.g.html
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=379
http://www.staysafeonline.info/pdf/safety_study_2005.pdf
Media Contact
Ted Egan
Ph: +61 2 8221 9765
Web: www.trustdefender.com
###
Press Contact: Ted Egan
Company Name: TrustDefender
Phone: +61 2 8221 9765
Website: http://www.trustdefender.com