Yesterday at Microsoft’s MIX08 conference we had a chance to see a presentation of new Internet Explorer 8. Microsoft officials proudly presented new IE8 feature, the Safety Filter, new step in advanced security features the company has developed. The Safety Filter blocks known Phishing sites and sites known to contain malicious software that could harm users computer or steal their information. Beyond this improved protection, the Safety Filter operates more quickly than ever before to ensure that users can browse both safely and quickly.

Symantec researchers reported about the Trojan Silentbanker targeting more than 400 banks including the household names in the U.S. and other financial institutions in the world and hangs in the background to intercept transactions with two-factor authentication. This Trojan performs man-in-the-middle attacks on valid transactions and has the ability to intercept transactions that require two-factor authentication. Then silently change the user-entered destination bank account details to the attacker’s account details instead. Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker’s details instead. And since the user doesn’t notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Symantec notes that the Trojan adapts based on what it needs. It tries the easiest attack vector and then works up to the more difficult approaches. The Trojan can also download updates and other executables and it can use the infected machine as a proxy or as a Web server on any chosen port. For protection, please keep your antivirus definitions up to date and keep your eyes on the firewall.

As tax season started in US more and more phishing attacks are showing up. This one are spreading via email and represents as Internal Revenue Service. In the email text recipient is informed that has tax refund of $270,25 dollars. If you follow the link it will lead you to the infected astrasong.ru/mp3/ webpage. This threat is not very intelligent but as tax deadline gets closer we are sure more and more intelligent attack will show up. It is advisable to double check every email you get before following any links provided.

Netcraft is reporting about latest phishing scam on an Italian banking website. Hackers has developed new methods that are almost impossible to track. The attack, targeting Banca Fideuram, reaches users via the usual route of an authentic-looking email using a pretext to ask users to log into the bank’s site. Despite the SSL certificate, the attackers have been able to inject an IFRAME into the login page, loading a login form which is hosted on a web server in Taiwan. IFRAME is a common way of inserting external content into a web page and a malicious payload could be delivered using the vulnerable GET parameter. In that case the browser would, in addition to displaying “https” at the start of the URL, also display a locked padlock icon. In this Italian bank case attackers used the URL and injected a series of numbers directly into a JavaScript function call that already exists on the bank’s legitimate LoginServlet page, making the bogus URL nearly identical to the real one. The injected form transmits users’ data to Taiwan before redirecting users to the bank’s unaltered homepage. Banca Fideuram has been contacted about the problem and phishing site is blocked in Netcraft’s anti-phishing toolbar and in PhishFeed.