Currently, most security products and financial institutions defending against banking malware rely on online banking page integrity check to detect the presence of financial malware. This technique works due to the inherent mechanics of financial malware injecting into the browser's DOM space. However, this purely web-based page integrity check can be subverted in many ways. This presentation will talk about evasion techniques such as replay attack, polymorphism, inject randomisation, and DOM stealth rootkit as well as countermeasures for those in clientless way.
The presentation also includes a novel method derived from Zero Knowledge Protocol that prevents banking malware from reverse engineering secrets transmitted between an online banking client and its server by eaves dropping HTTPS traffic.