Tuesday, February 2, 2010

Botnet Sends Fake SSL Connections to Major Websites

SSL is a protocol used to encrypt communications between computers for things like e-commerce and online banking.




It's getting worse...and there "IS" a way to make it better... 




According to CNN, SSL, which is used to create "secure" sessions, on sites where financial transactions take place, is now being manipulated by the bad guys: 

Pushdo botnet has been instructing its infected zombie computers to send fake SSL (Secure Sockets Layer) connections to major Web sites, a botnet expert said on Monday. The strange traffic targeting the Web sites--including sites for the CIA, FBI, PayPal, Yahoo, and Twitter, according to a list at the Shadow Server Foundation-



Pushdo downloads different Trojans onto infected machines and has been used to send spam as part of the Cutwail spambot, according to Stewart. It is comprised of about 300,000 infected PCs and the operators, believed to be located in Eastern Europe, are leasing out its usage to criminals, he said.
"It's a typical pay-per-install system," used to distribute banking Trojans, password stealers, ad clickers, and search hijackers, Stewart said.


Time to stop dropping the ball...and replicate the brick and mortar methodology for online banking and eCommerce.  Swipe your bank issued card (which encrypts the card holder data, including the Track 2 data) and enter your bank issued PIN. 





Lets Stop Dropping The Ball...Shall We? 








Disqus for ePayment News