What steps can we take to protect ticket issuance of malware that changes the digitable line?

4

In addition to the PDF issue, which may make it difficult for some customers to lack PDF viewers, what techniques could we use to protect or detect that the generated ticket has been modified by malware?

  

Virus that affects tickets already infects 192 thousand computers

     

A report released by the RSA electronic security company shows   that at least 192,000 computers have been infected by a virus that   changes the number of bank tickets. In addition, according to   analysis, most affected machines are in Brazil.

     

According to RSA, the virus is triggered by email and changes the   numbering of bank tickets at the time of online payment,   diverting the values to the account of a gang. Most of the victims   of the Southeast region and it has already been identified that 75% of them use   Windows 7 as an operating system. Hotmail users are majority   among those affected by the problem.

     

According to Info magazine, 496 thousand tickets were generated   many of them with values of up to R $ 1.5 thousand. The total value   estimated fraudulent documents can reach $ 8.5 billion. THE   RSA warns of delay in payment processing and slowness in   navigation may indicate that your machine is compromised.

Source: Tecmundo

    
asked by anonymous 08.08.2014 / 19:05

1 answer

2

You could mount the digitizable line with images of the numbers, or generate an "on the fly" image with the whole number, but that would make the client have to type it manually, without being able to copy and paste.

Another option would be to try to overshadow it with hidden HTML elements as in the example below:

  

041192.11800 26238.100007 19275.041424 2 61480000069739

The HTML code looks like this:

<style>
   .nro { display:none; }
</style>

<span class="nro">Primeira parte da numeração</span><span>041192</span>.<span>11800</span> <span class="nro">Continuação da numeração</span><span>26238</span>.<span>100007</span> <span>19275</span>.<span>041424</span> <span>2</span> <span class="nro">Ultima parte da numeração</span><span>61480000069739</span>

I believe that malware would not be able to detect it.

Or using jquery:

<script>
$(document).ready(function() {
var nr1 = '041192';
var nr2 = '11800';
var nr3 = '26238';
var nr4 = '100007';
var nr5 = '19275';
var nr6 = '041424';
var nr7 = '2';
var nr8 = '61480000069739';

$('#ld').html(nr1 + '.' + nr2 + ' ' + nr3 + '.' + nr4 + ' ' + nr5 + '.' + nr6 + ' ' + nr7 + ' ' + nr8 );
});
</script>

<span id="ld"></span>

Obviously, I would like to set up <script> on the server side, and to make it even harder to use base64_encode in numbers, I would have to implement a function in javascript to decode, or even create encoding and decoding from scratch. >     

08.08.2014 / 21:35