Candid Wueest ( Ireland )
Virus analyst, Symantec Security Response

Today's Threats to Online Banking

Malicious applications that steal financial account information have increased dramatically over the last year, potentially resulting in a direct loss of hard currency to affected victims. While the primary target continues to be online banking systems, the methods used to gather the information vary. Attacks spread from simply spamming e-mails with links to fake web sites, which is known as phishing, to trojans that monitor attempts to log on to online account web services and then begin recording the pressed key strokes, take screen shots, or even redirect traffic to the attackers site.

This paper will discuss the methods used today by in the wild phishing/banking malware, analyse their chances of successfully stealing sensitive data, and show some of the techniques that have evolved to obviate their attacks.

Candid Wueest graduated in computer science at the Swiss Federal Institute of Technology (ETH). He extended his experience in IT security during the last ten years while he worked for several companies, including the global security analysing lab of IBM Research chlikon. He has been with Symantec for the last two years and is currently working as a virus analyst in Symantec Ltd. Dublin. He has published various papers and articles in magazines, given interviews to radio and newspapers, and presented at many conferences like COMDEX Scandinavia.