I would hope so. We need to devise better methods to allow users to validate as much (or as little) of their own information. In this manner, we can have a sliding scale of trust that will allow interactions and/or transactions that range from the casual need (e.g., is this person a member of a group) to a more complex need (e.g., do we want to conduct legal and financial transactions with this user).
The trojan makes the legitimate user's computer do the withdrawing, so network protocols are unlikely to help, since the compromise (MiTM) is on the browser, not the network.
I agree with Henning that much of the problem here is with how the malware was able to get to the user's system in the first place. The browsing user may have been tricked into installing a "fun game" or something. It is unlikely the user understood that he was installing a privileged program. Once the user's bank credentials are stolen, the jig is up.
However, perhaps some things can still be done at the network level to detect/repair the problem. Perhaps the bank can certify all servers/content streams that might possibly occur while a client is performing a banking operation? An infected user interacting with his bank site would be notified that unexpected communication is occurring. If not done well, it won't help the unsophisticated user (i.e., user account control).
My understanding of the operation of the malware is that it issues commands on the TLS channel with the bank to transfer funds, and then modifies the web page returned so that the user doesn't see that they just transferred their life savings to the Ukraine, via some mule. Thus, the network traffic looks pretty much normal.
You need to be a member of Future Internet Summit to add comments!