Transaction Generators: Root Kits for the Web
Authors: C. Jackson, D. Boneh, and J. Mitchell
Abstract:
Current phishing attacks focus primarily on stealing user credentials
such as passwords. In response, web sites are deploying stronger
authentication and backend analytics systems. These tools are designed
to make it harder for phishers to extract value from stolen
passwords. We anticipate that phishers will adapt in response. In
particular, we expect to see huge growth in the use of a different
type of botnet malware called a Transaction Generator or TG for
short. A TG waits for the user to log in to his account at a site and
then issues transactions on behalf of the user. We discuss a number of
mechanisms by which TGs can hide their tracks so that users have no
idea that fraudulent transactions were issued by their machine. We
also describe a mitigation system, called SpyBlock, that can help
reduce the damage caused by TGs.
Reference:
In Proceedings of the 2nd USENIX Workshop on Hot Topics in Security, 2007