Comment: Same trojan attacked Dutch bank (Score 3, Interesting) 196
The Dutch bank was attacked by the 'man in the browser' type of trojan, which cached the output from the challenge-response between user- and bank. This bank by default performs two challenge-response sequences;
1) when loggin in
2) when confirming a transaction
A third, is performed when transferring large amaounts of money.
Appearently, the trojan told the customer the first attempt had failed, (while in the background preparing a transaction, which could be verified by the bank, because the client was so kind to re-autenticate (this time to the transaction challenge, while they were still thinking it was the login challenge)
Here's the story (in Dutch, hurrah)
http://tweakers.net/nieuws/48895/Virus-ontfutselt- geld-van-klanten-ABN-Amro-update.html
/steven
1) when loggin in
2) when confirming a transaction
A third, is performed when transferring large amaounts of money.
Appearently, the trojan told the customer the first attempt had failed, (while in the background preparing a transaction, which could be verified by the bank, because the client was so kind to re-autenticate (this time to the transaction challenge, while they were still thinking it was the login challenge)
Here's the story (in Dutch, hurrah)
http://tweakers.net/nieuws/48895/Virus-ontfutselt