Malicious applications that steal financial account information have increased dramatically over the last year, potentially resulting in a direct loss of hard currency to affected victims. While the primary target continues to be online financial systems, the methods used to gather the sensitive information vary. Attacks spread from simply spamming e-mails with links to fake web sites, which is also known as phishing, to Trojans that monitor attempts to log on to online account web services and then begin recording the pressed key strokes, take screen shots, or even redirect the whole network traffic to a malicious site.

This paper will discuss the methods that are used by online banking malware, analyze their chances of successfully stealing sensitive data, and show some of the defense techniques that have evolved to obviate their attacks.