Password, Username Stealing Malware Volume Jumps 400%

Looks Like this is Online Banking Security is Weak Week! Remember Carnac the Magnificent?  He used to hold up an envelope to his temple, and then provide the answer to the question that was inside.  My answer is SLIM and NONE! Channel Insider| By Lawrence Walsh Malware such as Clampi and Sinowal that steal passwords and authentication credentials are becoming far more common and dangerous. They are increasingly more adept at avoiding detection by conventional security measures and more able to defeat security precautions to prevent data theft. This threat will require all organizations with sensitive data to think beyond antivirus and firewalls.  *Hardware! Clampi, the Trojan that Secure Channel wrote about yesterday, is a fine example of why we’ll never see another Code Red, Nimda or LoveLetter virus again. The intent of malware is no longer to cause mass service disruptions, but rather to steal as much information as possible without getting detected. Trojans, worms, viruses and rootkits the likes of Clampi, Sinowal and StealthMBR are now the masters of the malicious code. McAfee’s Avert Labs released a new report that shows the volume of username password-stealing and keystroke logging malware jumped nearly 400 percent between 2007 and 2008. McAfee’s prediction: the trend will continue to expand in both volume and scope. This trend will force organizations handling even routine data to think beyond conventional antivirus applications and perimeter firewalls for their security.  Yeah...here's the no-brainer directly from the think tank: "Financial transactions need to be done outside the browser"  As Avivah Litan, distinguished analyst from Gartner so eloquently put it:   "Nothing that goes through the browser can be relied upon." The man-in-the-browser attacks that are going on against these corporate cash management applications are all circumventing one-time password," she says.   Continue Reading at Channel Insider