Winning the Online Banking War

Black Hat USA 2015

Presented by: Sean Park
Date: Wednesday August 05, 2015
Time: 11:30 - 12:20
Location: Mandalay Bay GH

Currently, most security products and financial institutions defending against banking malware rely on online banking page integrity check to detect the presence of financial malware. This technique works due to the inherent mechanics of financial malware injecting into the browser's DOM space. However, this purely web-based page integrity check can be subverted in many ways. This presentation will talk about evasion techniques such as replay attack, polymorphism, inject randomisation, and DOM stealth rootkit as well as countermeasures for those in clientless way.

The presentation also includes a novel method derived from Zero Knowledge Protocol that prevents banking malware from reverse engineering secrets transmitted between an online banking client and its server by eaves dropping HTTPS traffic.

Sean Park

Sean Park is a senior malware scientist at Trend Micro, researching various one-to-many detection methodologies such as autonomous malware campaign analysis system using machine learning. He previously worked for Kaspersky, FireEye, Symantec, and Sophos. He also created a critical security system for banking malware at one of the top Australian banks while battling with many core banking threats.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats