Santander has become the latest online bank to start using Trusteer’s Rapport browser plug-in, one of the few security tools that guarantees to successfully block all current variants of the predatory Zeus Trojan. From this week, online bank account customers will be offered the tool as a free but non-compulsory download, which can then be installed to work with all major browsers.
The tool can be used by anyone, but works at its most secure level when integrated with online banking systems that set up an encrypted channel for communication between the client and server.
The need for such tools to ward off attacks from sophisticated online bank Trojans such as Zeus/Zbot was underlined this week by the arrest of a gang alleged to have stolen up to £30 million from UK online bank customers.
“We are seeing the level of attacks by cybercriminals broadly increasing both in terms of volume and sophistication,” commented Santander’s head of information security, Mick Paisley. “Taking precautions can have a disproportional protective effect, customers don’t have to do much to significantly increase their levels of protection, and Trusteer is one of those things which provide a significant benefit with minimal effort,” he said.
Some antivirus products will also block variants of Zeus, but the advantage of putting security in the browser is that it is only securing a subset of application behaviour, a much smaller and more manageable security task.
Trusteer’s Rapport is not the only product that can block in-browser threats such as Zeus. Dell Kace recently launched a virtualised browser and IronKey also loads its own version of Firefox on the S200 USB drive. The future of online bank security might yet lie with isolated browsers.
The adoption of browser plug-ins such as Rapport is a clear sign that banks have finally woken up to the problem of insecure browsers and PCs. This is not entirely a surprise – in most cases in the UK they will end up footing the bill for malware-driven fraud.