Internet banking credentials are a high-value target for online criminals. Common attacks that try to steal credentials, or at least information, include man-in-the-middle attacks and trojans that have been designed specifically to capture credentials related to financial services and websites.
Microsoft released a warning back in February 2014 about malicious Proxy Auto-Config (PAC) redirects that can be used for that purpose as well.
A PAC file is used to select proxy servers or direct connections based on the web addresses that you open in the web browser. These types of files are mostly used in corporate environments, especially on mobile devices such as laptops.
PAC files are supported by all modern web browsers and can be loaded like other proxy servers in the network settings.
Malicious PAC files are used to redirect Internet users when they try to open sites of interest. The browser is automatically rerouted to a fake website that looks like the original site. Any information or credentials the user enters on this site are stolen and may be used for malicious activities or to steal online accounts.
Users can be infected through various means, from drive-by attacks and malware to local attacks that plant the PAC file directly on the system.
According to Microsoft's study, malicious PAC files are predominantly used in Brazil, Russia, the UK and Australia.
While many attacks target banking websites, Microsoft notes that other services are also targeted, including other payment providers, email providers, or social networking sites.
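The selective routing described above can be checked directly, because a PAC file is a JavaScript file that defines `FindProxyForURL(url, host)`. The following is an added example, not code from Microsoft or from this article: it loads a PAC script and reports which hosts on a watchlist are routed differently from an unrelated host. The names `loadPac` and `auditPac`, the sample PAC, the `.example` hosts and the proxy address are constructed for illustration, and the comparison against a baseline host is an assumed heuristic.

```javascript
// Added example: ask a PAC script how it routes a watchlist of hosts.
// new Function() is not a sandbox: analyze untrusted PAC files on an isolated machine.

// Minimal versions of standard PAC helper functions the script may call.
const pacHelpers = {
  shExpMatch: (str, pat) =>
    new RegExp('^' + pat.replace(/[.+^${}()|[\]\\]/g, '\\$&')
      .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(str),
  dnsDomainIs: (host, domain) => host.toLowerCase().endsWith(domain.toLowerCase()),
  isPlainHostName: (host) => !host.includes('.'),
  localHostOrDomainIs: (host, fqdn) => host === fqdn || fqdn.startsWith(host + '.'),
};

// Evaluate the PAC source with the helpers in scope and return its FindProxyForURL.
function loadPac(source) {
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, source + '\nreturn FindProxyForURL;');
  return factory(...names.map((name) => pacHelpers[name]));
}

// Heuristic (assumption): a watchlist host is suspicious when the PAC routes it
// differently from an unrelated baseline host that no rule should single out.
function auditPac(source, watchlist, baselineHost = 'baseline.invalid') {
  const find = loadPac(source);
  const route = (host) => String(find('https://' + host + '/', host)).trim();
  const baseline = route(baselineHost);
  return watchlist
    .map((host) => ({ host, route: route(host) }))
    .filter((result) => result.route !== baseline);
}

// Constructed sample PAC: two sites go through a proxy, everything else is direct.
const samplePac = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.bank.example") || dnsDomainIs(host, "mail.example"))
    return "PROXY 192.0.2.10:8080";
  return "DIRECT";
}`;

// Constructed watchlist of banking, email and other hosts.
const sampleWatchlist = ['www.bank.example', 'mail.example', 'news.example'];
console.log(auditPac(samplePac, sampleWatchlist));
```

A corporate PAC file that sends all traffic through one proxy produces no findings here, because every host gets the same route as the baseline.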
Where a configured PAC file is listed depends on the web browser you are using; each browser shows it in a different location and menu.
Internet Explorer and browsers that use IE network settings (like Google Chrome)
Note: You can configure from within Chrome's settings, but you will be redirected to the Internet Options when you do.
The Firefox web browser
Use a third party program
Phrozensoft has published the Auto Config Risk Protector application for Windows today. It checks Internet Explorer's proxy settings for you and notifies you when a PAC file is being used.
Simply run the program and click on the scan button afterwards. The application will either report that there is no PAC file in use, or that it has found one. If that is the case, the address of it is displayed to you with options to keep it or remove it instead.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.