Malware Performs Suspected Man-in-the-Middle Attack on Secure Connections
By: SmallBizClub
The term “man-in-the-middle attack” might not ring a bell for most people, because this kind of attack is extremely rare. It shows up as a certificate warning every time a victim visits a site over a secure connection. And yes, this can happen even on social media and popular sites like Google, Facebook and Twitter. Although helpdesk services that explain how to remove the malware and combat the attack are available, it is safest to follow some precautions to prevent it.
More About Man-In-The-Middle Attack
A man-in-the-middle attack can happen to anyone. It combines a malware and Trojan installation, but might appear to be an SSL issue. If you see a certificate warning, be alert and do not simply click a button to accept it. Recently, reports and ongoing investigations have described a self-signed certificate claiming to be from “Thawte.” If you are not familiar with this, you can be an instant victim! A quick glance at Google results shows that Thawte is one of the major CA trademarks owned by Symantec. However, this certificate was never issued by them.
The implication is that the suspect does not want to be identified, and poses as someone else to trick the public. Users who make the mistake of accepting the certificate are exposed to the consequences of the attacker's malicious intentions.
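The point about the fake “Thawte” certificate can be shown as a small triage check. This is an added example, not code from the original article or from Symantec: the names in a certificate are whatever its creator typed, so the check trusts only the fingerprints already in the local trust store. The function names, labels and sample values are assumptions, and the name layout is the one Python's `ssl.SSLSocket.getpeercert()` uses.

```python
import hashlib

# Brand named in the article; extend with other CA names as needed.
CA_BRANDS = ("thawte",)

def attr(name, key):
    """Return one attribute from a getpeercert()-style name, or ''."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return ""

def triage(cert, der, trusted_roots):
    """Classify a presented certificate (hypothetical helper).

    cert: dict with 'subject' and 'issuer' names
    der: raw DER bytes of the same certificate
    trusted_roots: SHA-256 hex fingerprints from the local trust store
    """
    if hashlib.sha256(der).hexdigest() in trusted_roots:
        return "trusted-root"
    # Name comparison only: this does not verify the signature.
    self_issued = cert["subject"] == cert["issuer"]
    names = " ".join(attr(cert["subject"], k)
                     for k in ("organizationName", "commonName")).lower()
    if self_issued and any(brand in names for brand in CA_BRANDS):
        return "self-signed-ca-impersonation"
    if self_issued:
        return "self-signed"
    return "needs-chain-validation"

def make_name(org, cn):
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed samples: the DER values are stand-in bytes, not real certificates.
ROOT_DER, FAKE_DER, LEAF_DER = b"constructed-root", b"constructed-fake", b"constructed-leaf"
TRUSTED = {hashlib.sha256(ROOT_DER).hexdigest()}
root = {"subject": make_name("Thawte", "Constructed Root CA"),
        "issuer": make_name("Thawte", "Constructed Root CA")}
fake = {"subject": make_name("Thawte", "Thawte"),
        "issuer": make_name("Thawte", "Thawte")}
leaf = {"subject": make_name("Example Bank", "www.bank.example"),
        "issuer": make_name("Thawte", "Constructed Issuing CA")}

if __name__ == "__main__":
    for label, c, d in (("root", root, ROOT_DER), ("fake", fake, FAKE_DER), ("leaf", leaf, LEAF_DER)):
        print(label, "->", triage(c, d, TRUSTED))
```

The genuine root and the fake carry the same brand name and are both self-issued; only the fingerprint lookup tells them apart, which is why a browser warns about the fake.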
The affected sites vary, and the warnings appear regardless of physical location and network. Fortunately, a forum member named Sam Van den Vonder took a sample of the malware and forwarded it to Symantec and Microsoft for further investigation and analysis. The result was that the malware was classified as a Trojan horse, specifically the Tatanarg variant named Trojan.Tatanarg.B.
People at these groups suspect that this malware was created and spread to steal personal information, particularly banking information. Through the man-in-the-middle tactic, the culprits can step into HTTPS connections to websites and impersonate the server. When a separate server connection is made from the user’s end, the user sees a prompt to accept a security certificate. Once the user clicks to accept, the malware can receive whatever the user visits and enters on web pages. It is then possible to obtain user information and credentials, including passwords and bank account information.
Symantec and Microsoft have seen that more than one Trojan is troubling users at this time. If users do not learn about this immediately, money in their bank accounts could be transferred to the suspect. The best protection is not to accept any of these untrusted certificates, or simply to reinstall the computer’s operating system.
Getting more technical, it’s also advisable to always encrypt any data that you pass to other servers and sites. That way, hackers and other malicious parties won’t be able to decrypt it and take advantage of it for the wrong reasons.
Wrap Up
Nowadays, as technology improves, attackers have also improved their tactics to spoil your day. Whether it is stealing money through your backdoor or doing other things to ruin your identity online, you should guard against such schemes by changing your passwords often (if you don’t know your computer is already affected). When logging on to sites that require confidential information, make sure that you are not using a public network, to avoid such costs. Fake security certificates are still in circulation. Another safety step is to disable all your browser plugins and enable them only as needed.
Author: Mishka Tolentino is a business student at University of Westminster. She is a freelance writer, web enthusiast and social advocate. She spends her free time listening to classical music and taking snapshots. Follow her on Twitter @mishkatolentino.
Published: May 28, 2014