[LAC-TF] internet banking threatens IPv6 in Brazil

Antonio M. Moreiras moreiras at nic.br
Fri Apr 10 12:44:12 BRT 2015

Yep. It looks like malware in a lot of ways.

I don't know for sure what it should do. The company says that it is
similar to an antivirus, and it tries to protect the user against DNS
poisoning and phishing, detecting fake sites similar to those of banks.
There are people that suspect of privacy issues, but I don't have
evidence of it. They suspect it also sends information about the system
(installed software and versions, for instance) and Internet navigation
to the banks.

They sell a version of it as a personal security software:
http://www.g-lock.com.br/. There is some information at the website.

In other countries in our region is it normal for banks to ask (or
force) people to install specific security solutions in Windows in order
to allow access to online banking? What kind of security systems do they


On 09/04/15 21:44, Carlos M. Martinez wrote:
> Hi Antonio,
> what does this software do ? Any software that 'has no means of
> uninstalling or disabling it' looks very similar to malware :-)
> cheers!
> -Carlos
> On 4/9/15 9:06 PM, Antonio M. Moreiras wrote:
>> Hi.
>> We have an interesting situation here. At the same moment that some of
>> our big ISPs are starting to deploy IPv6 to home users [1], a bug in a
>> software used by online banking for security reasons threatens this
>> initiative.
>> This software is 'warsaw 1.5.1' from GAS Tecnologia, that is a Diebold
>> company. It is used by our main banks. The security software installs
>> itself automatically when the user access home banking, and works as a
>> service in Windows. According to the company, it is installed in more
>> than 31 million Windows hosts in Brazil, and it doesn't offer any means
>> to the user uninstall it.
>> If the network has IPv6, the bug prevents the access to IPv6 hosts, even
>> if IPv4 is also available. From the end user point of view, 'Internet
>> stops' (you can't access Google, Facebook, Yahoo, Netflix, etc, and even
>> network shared folders). Ahh... Yes, you can still use the home banking
>> website, since it is IPv4 only. So the user probably will blame the ISP
>> for the lack of connection, or a virus, or maybe the IPv6 deployment
>> itself, if he is aware of it.
>> It has proved to be more difficult than it should to show the seriouness
>> of this situation to the banks and to the company that sells this
>> solution to them. At the same time, we listen from some companies and
>> universities that their IT teams are starting to disable IPv6 in Windows
>> 7 and Windows 8 to mitigate this problem.
>> Do you know any similar problem? I'm not sure if this technology from
>> Diebold is used in other countries.
>> We wrote an article in ipv6.br about it:
>> http://ipv6.br/bug-em-plugin-de-seguranca-de-bancos-bloqueia-internet/
>> Regards,
>> Moreiras.
>> [1] http://6lab.cisco.com/stats/cible.php?country=BR&option=users

More information about the LACTF mailing list