|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Finnish Communications Regulatory Authority (FICORA) Switchboard +358 9 69 661 Television fees Customer service of Fi-domain names +358 9 6966 700 |
11.04.2008 CERT-FI information security review 1/2008: Finnish internet banking sessions hijacked by malwareAttacks made against Finnish banks still remain rare although malware spread in e-mail messages succeeded in hijacking internet banking sessions in February this year. The subject of the spam campaign messages sent to Finnish addresses was either an alleged nuclear power accident in the central Finland city Mikkeli or a contact request from "Tatjana" looking for company. The links in the message directed users to a website potential to infect one's computer with a malware counted as bank Trojans. The malware enabled third parties to transfer money from accounts during internet banking sessions without the users knowing about it. CERT-FI released notices of vulnerabilities related to the handling of package and archive formats, some of which can enable the execution of the attacker's program code in the computer. Vulnerabilities affect the safety of tens of software because information is packed or filed in nearly all applications. Many popular Finnish, e.g. banks', websites had cross site scripting vulnerabilities which enable that the user is lured. Vulnerabilities can also be used for mischief. Cross site scripting (XSS) vulnerability enables third parties to expose their content as part of the authentic website when the user has moved to the website via a link formed in a certain way. Software vulnerabilities are used for spreading malware and hijacking computers. During the first quarter, CERT-FI published 37 alerts on vulnerabilities and 19 Information security now! articles. No warnings were released during this quarter. This information appears in the information security review for the first quarter of 2008 released by FICORA's CERT-FI unit responsible for solving information security incidents. The review looks at the most significant threats to information security, such as malware and their effects in Finland as well as development trends in data break-ins and vulnerabilities. The review also reflects upon future prospects. The objective of the review is to support companies and organisations in their attempts to increase the management of information security risks. CERT-FI information security review 1/2008 [pdf] Further information:
|
