Man in the Browser (attack) & Protection Layers

lotuseclat79 · Feb 26, 2010

Man in the Browser.

MITB (Man in the Browser) Protection Layers.

-- Tom

Searching_ _ _ · Feb 26, 2010

So basically an attacker can block existing fields and/or create new fields that a user enters important information in and alter the response viewed by the target.

This is the bad side of the internet. Is it too late to return to the gold standard?

Zeus Bot Analysis
URLZone Bot Analysis

Rmus · Feb 26, 2010

Man in the Browser a.k.a MITB is a new breed of attacks whose primary objective is to spy on browser sessions (mostly banking) and in that process intercept and modify the web page contents transparently in the background.

Case 1: (an imaginary situation)

Bob, an accountant in a local firm is a passionate guy who loves to work, even during off hours. One day while browsing the internet from home in search of some freeware software, he suddenly found his browser crashing unexpectedly. Hmm.. weird, may be it's some kind of software bug, he thought, and opened another browser window to continue his search.

At this point Bob had no idea that his machine had been infected with a nasty banking Trojan, Zeus/Zbot. Zeus had just exploited a vulnerability in his browser and installed itself silently on his PC.

Case 2: (an imaginary situation)

It's Bob again, and this time his PC is infected with yet another MITB malware URLZone/Bebloh.
Click to expand...

Bob needs to visit wilderssecurity.com and learn how to protect against drive-by downloads of banking trojans.

-rich

Log in or Sign up

Man in the Browser (attack) & Protection Layers

lotuseclat79 Registered Member

Searching_ _ _ Registered Member

Rmus Exploit Analyst

Log in or Sign up

Man in the Browser (attack) & Protection Layers

lotuseclat79 Registered Member

Searching_ _ _ Registered Member

Rmus Exploit Analyst

Useful Searches