funsec mailing list archives

why doesn't Zeus just steal cookies?


From: nick hatch <nicholas.hatch () gmail com>
Date: Mon, 22 Feb 2010 21:26:14 -0800

One thing I've never understood about man-in-the-browser attacks is why a
trojan bothers with all that in the first place. I don't see how more
conventional attacks are obsolete.

Enhanced "MFA" (rarely are they true multi-factor) login systems banks use
rely on setting a cookie to recognise the device and skip the "registration"
process the next time. Some in the industry are bold enough to claim that
the PC now serves as a physical authentication factor after this process...

Why doesn't Zeus just steal the registration cookie, log the credentials,
and move on? Yes, MiTB has other advantages. However, it seems like some in
the media are treating Zeus like it walks on water for breaking what is a
pretty weak process to begin with...

-Nick
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
