PAC - the Problem Auto Config (or stealing bank accounts with a 1KB file)

Fabio Assolini, Kaspersky Lab
Andrey Makhnutin, Kaspersky Lab


Proxy auto-config (PAC), a feature of modern browsers that is extremely useful on corporate networks, has been (ab)used by bad guys to steal millions from bank accounts around the world.

Its malicious usage has been known about since 2003, but it is among Brazilian (cyber)criminals that this technique has been improved and refined, and more recently shared among cybercriminals from Turkey and Russia.

The attacks are reaching a level of complexity and efficiency that has not been seen before, allowing a complete bank account compromise with just a 1KB file. With a lot of creativity, these malicious scripts allow man-in-the-middle attacks and impersonation of HTTPS connections in a silent, web-based and highly effective attack.

These malicious scripts remain off the radar of most anti-malware companies - some have failed to detect and block them. In this presentation we show the evolution of the attacks, how the bad guys are bypassing detection, the spread of the attacks and how to create good detection to deal with the problem.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.
