Latest Zeus Banking Trojan Steals Digital Certificates and Browser Cookies

The latest version of the Zeus banking trojan steals not only usernames and passwords from infected computers, but it also appears to steal digital certificates and cookies from browsers. Cookies and certificates are often used by websites to authenticate a user, in addition to username and password. By stealing these credentials from a user’s computer, criminals can potentially access a variety of online sites and accounts of the victim.

One benefit to using a hardware PKI token is that the signing keys are stored on the device, and cannot be exported or stolen. This means that stealing a certificate from a browser is not effective, as you also need the private RSA key to be able to use the client-side certificate to log into a website.

This entry was posted on Friday, August 6th, 2010 at 6:31 pm and is filed under Ironkey News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Latest Zeus Banking Trojan Steals Digital Certificates and Browser Cookies

The latest version of the Zeus banking trojan steals not only usernames and passwords from infected computers, but it also appears to steal digital certificates and cookies from browsers. Cookies and certificates are often used by websites to authenticate a user, in addition to username and password. By stealing these credentials from a user’s computer, criminals can potentially access a variety of online sites and accounts of the victim.

One benefit to using a hardware PKI token is that the signing keys are stored on the device, and cannot be exported or stolen. This means that stealing a certificate from a browser is not effective, as you also need the private RSA key to be able to use the client-side certificate to log into a website.

This entry was posted on Friday, August 6th, 2010 at 6:31 pm and is filed under Ironkey News. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

You must be logged in to post a comment.