PAC - the Problem Auto Config (or stealing bank accounts with a 1KB file)

Fabio Assolini Kaspersky Lab
Andrey Makhnutin Kaspersky Lab

Proxy auto-config (PAC), a feature of modern browsers that is extremely useful on corporate networks, has been (ab)used by bad guys to steal millions from bank accounts around the world.

Its malicious usage has been known about since 2003, but it is among Brazilian (cyber)criminals that this technique has been improved and refined, and more recently shared among cybercriminals from Turkey and Russia.

The attacks are reaching a level of complexity and efficiency that has not been seen before, allowing a complete bank account compromise with just a 1KB file. With a lot of creativity, these malicious scripts enable man-in-the-middle attacks and impersonation of HTTPS connections in a silent, web-based and highly effective attack.

These malicious scripts remain off the radar of most anti-malware companies - some have failed to detect and block them. In this presentation we show the evolution of the attacks, how the bad guys are bypassing detection, the spread of the attacks and how to create good detection to deal with the problem.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.