Do not Allow Internet Browsers or Security Programs Save Passwords

The first time you surf to a website that asks for a password, your browser will ask you if you want to remember it.

What a great idea! The browser can save the password and I won’t have to remember all the different passwords I have for different sites!

What seems like a good thing really isn’t. If your computer is infected by an advanced threat, like the ZeuS Banking Trojan, one thing they do is look for your stored passwords and send them to the malware control server.

This is just not your passwords stored by IE or Firefox, but also passwords stored by “Internet Security Programs” that are supposed to save and protect your passwords.

The best bet is to never allow your internet browser (or security program) save passwords for you.

So what can you do if you have already told your browser to save your passwords? In Internet Explorer go to “Safety”, then “Delete Browsing History”. You will see a screen like the one above. Just make sure “Passwords” is checked and then hit delete. 

In Firefox go to “Tools”, “Options”, “Security”, “Saved Passwords” and “Delete all”. That should do it.

 If you are interested in learning more about the current version of ZeuS and what it can do, check out Secureworks Threat Analysis.



One thought on “Do not Allow Internet Browsers or Security Programs Save Passwords”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.