What measures can we take to protect the issuance of bank slips from malware that alters the digitable line?


4

In addition to PDF issuance, which can hinder some customers who lack PDF viewers, what techniques could we use to protect the generated billet, or to detect that it has been modified by malware?

Virus that affects billets already infects 192 thousand computers

A report released by the electronic security company RSA shows that at least 192,000 computers have been infected by a virus that changes the numbering of bank slips. Moreover, according to the analysis, most of the affected machines are in Brazil.

According to RSA, the virus is spread by email and changes the numbering of bank slips at the time of online payment, diverting the amounts to a gang's account. Most victims are from the Southeast region, and it has been identified that 75% of them use Windows 7 as their operating system. Hotmail users are the majority among those affected by the problem.

According to information from Info magazine, 496 thousand false tickets were generated, many of them with values of up to R$ 1,5 thousand. The estimated total value of the fraudulent documents can reach R$ 8,5 billion. RSA warns that delays in payment processing and slow browsing may be indications that your machine is compromised.

Source: Tecmundo

  • If I got the news right, it says that the number of the ticket is changed at the time of payment, i.e., the moment the guy enters the number on the bank site, so even if it were a paper ticket where the guy typed everything manually, it would still be modified by the malware.

  • In fact, the virus alters the HTML code of the page with the ticket, so even if you print it and pay at the checkout, it will print with the typeable line and the barcode of the forgers, and the money goes to them. Source: http://tecnoblog.net/129088/malware-brasileiro-boletos/

  • An alternative would be to assemble the typeable line with images of the numbers; the client would have to type it manually, but the virus could not modify it, because it would not even detect it.

1 answer

2

You could assemble the digitable line with images of the numbers, or generate an image with the whole number "on the fly", but this would force the client to type it manually, without being able to copy and paste.

Another option would be to try to obfuscate it with hidden HTML elements like in the example below:

041192.11800 26238.100007 19275.041424 2 61480000069739

The HTML code would look like this:

<style>
   .nro { display:none; }
</style>

<span class="nro">Primeira parte da numeração</span><span>041192</span>.<span>11800</span> <span class="nro">Continuação da numeração</span><span>26238</span>.<span>100007</span> <span>19275</span>.<span>041424</span> <span>2</span> <span class="nro">Ultima parte da numeração</span><span>61480000069739</span>

I believe that this way the malware could not detect it.

Or using jQuery:

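<script>
// Requires jQuery to be loaded before this script.
// The values below are written into the script by the server for each slip.
$(document).ready(function () {
  var nr1 = '041192';
  var nr2 = '11800';
  var nr3 = '26238';
  var nr4 = '100007';
  var nr5 = '19275';
  var nr6 = '041424';
  var nr7 = '2';
  var nr8 = '61480000069739';

  // Assemble the digitable line only at render time, in the browser.
  $('#ld').html(nr1 + '.' + nr2 + ' ' + nr3 + '.' + nr4 + ' ' + nr5 + '.' + nr6 + ' ' + nr7 + ' ' + nr8);
});
</script>

<span id="ld"></span>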

Obviously, assemble the <script> on the server side; to make it harder, you could also use base64_encode on the numbers, but you would then have to implement a function in JavaScript to decode them, or even create your own encoding and decoding from scratch.
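The base64 variant from the last paragraph of the answer, written out as an added example (not code from the original answer), extended with a re-check of the displayed line before printing, since the question also asks about detection. `ENCODED_PARTS`, `SEPARATORS`, `decodeLine` and `isTampered` are hypothetical names, and the encoded values are constructed from the answer's sample number.

```javascript
// Added example, not code from the original answer.
// Server side (assumption): each group of the digitable line is emitted
// base64-encoded instead of as plain digits. Values below are constructed
// from the sample number used in the answer.
const ENCODED_PARTS = [
  'MDQxMTky', 'MTE4MDA=', 'MjYyMzg=', 'MTAwMDA3',
  'MTkyNzU=', 'MDQxNDI0', 'Mg==', 'NjE0ODAwMDAwNjk3Mzk=',
];
// Separators between the eight groups, as in the answer's jQuery snippet.
const SEPARATORS = ['.', ' ', '.', ' ', '.', ' ', ' '];

// atob exists in browsers and recent Node; fall back to Buffer otherwise.
const b64decode = typeof atob === 'function'
  ? atob
  : (s) => Buffer.from(s, 'base64').toString('latin1');

// Decode the groups and rebuild the line; reject anything that is not digits.
function decodeLine(parts) {
  if (parts.length !== SEPARATORS.length + 1) {
    throw new Error('unexpected number of groups');
  }
  return parts.map((p, i) => {
    const digits = b64decode(p);
    if (!/^\d+$/.test(digits)) throw new Error('group ' + i + ' is not numeric');
    return digits + (SEPARATORS[i] || '');
  }).join('');
}

// Compare what is actually displayed with what the server sent,
// ignoring separators and whitespace.
function isTampered(displayedText, parts) {
  const shown = displayedText.replace(/\D/g, '');
  const expected = decodeLine(parts).replace(/\D/g, '');
  return shown !== expected;
}

// In a browser: fill the #ld element from the answer, then re-check it
// right before the slip is printed and blank it if it no longer matches.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const el = document.getElementById('ld');
    el.textContent = decodeLine(ENCODED_PARTS);
    window.addEventListener('beforeprint', () => {
      if (isTampered(el.textContent, ENCODED_PARTS)) el.textContent = '';
    });
  });
}
```

Base64 is an encoding, not a protection: it only hides the digits from malware that scans the HTML for number patterns, and code running inside the browser can still change the script or the element.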
