Entrust Stops Man-in-the-Browser Malware

Man-in-the-browser malware — such as Zeus or Zbot — is the latest critical threat that is actively defrauding consumers, business banking and financial institutions. Innocent organizations are being targeted, resulting in large losses and legal action against banks.

Unfortunately, traditional security methods — antivirus protection, strong authentication and legacy fraud detection — are not affective against man-in-the-browser attacks, including Zeus and Zbot. And current solutions that can address the problem tend to be expensive, hard to use and difficult to deploy.

Entrust is the only vendor that currently offers three distinct and highly effective methods of addressing man-in-the-browser attacks — fraud monitoring of user behavior; SMS with transaction details; and out-of-band transaction verification and signature techniques on a mobile application.

Download Defeating Man-in-the-Browser Malware White Paper

The latter of the three is made possible by the latest Entrust IdentityGuard tool. Leveraging standards-based, out-of-band techniques, and without requiring any specialized hardware, Entrust IdentityGuard Mobile is the only mobile authentication method on the market that addresses man-in-the-browser malware threats — effectively and without user inconvenience.

fraud_monitoringFraud Monitoring of User Behavior

The Entrust TransactionGuard fraud detection solution enables organizations to seamlessly monitor user behavior for transactions, account access and more. This real-time approach has been proven effective for stopping Zeus and Zbot MITB malware — all in a way that is invisible to the end-user.

out_of_bandOut-of-Band Transaction Verification

Leveraging a user’s existing device (e.g., mobile phone, smart phone), Entrust can verify online transactions via out-of-band SMS communication. This convenient, cost-effective approach takes advantage of existing user devices to defeat MITB malware.

mobile_transactionMobile Transaction Verification & Signature

The most convenient, easy-to-use strong authentication method available today, Entrust IdentityGuard Mobile enables out-of-band transaction verification, OATH-compliant signatures and even a method to immediately report suspicions account behavior. The end-user isn’t forced to enter any data within the smartphone application, only a straightforward Web confirmation code to complete the transaction.