In a surprise twist, a security flaw has been found in IE’s impenetrable armor that allows a trojan to install its payload and monitor for passwords sent over https connections. Your account number? Now it’s everyone’s account number! Thanks for sharing.
A “Browser Helper Object” is a DLL that allows developers to customize and control Internet Explorer. When IE 4.x and higher starts, it reads the registry to locate installed BHO’s and then loads them into the memory space for IE. Created BHO’s then have access to all the events and properties of that browsing session. This particular BHO watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.
When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location.
Via the folks at the Microsoft advocacy site SlashDot. (Oops, I left my sarcastifier turned all the way up!)