Category: 

What is a Man in the Browser Attack?

Article Details
  • Written By: Malcolm Tatum
  • Edited By: Bronwyn Harris
  • Last Modified Date: 21 August 2016
  • Copyright Protected:
    2003-2016
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
The U.S. Coast Guard led the evacuation of more than 500,000 people from Lower Manhattan on 11 September 2001.  more...

September 27 ,  1940 :  The World War II Axis powers formed with the signing of the Tripartite Pact.  more...

A man in the browser attack is an application that is capable of stealing login credentials, account numbers, and various other types of financial information. The attack combines the use of Trojan horses with a unique phishing approach to insinuate a window that overlays the browser on a given computer. The presence of the Trojan horse is transparent to the user, as it does not interfere with the normal use of the browser to visit web sites and engage in transactions on those sites.

These attacks are designed to capture confidential information that can be used to the advantage of the entity that launched the attack. As part of the function, the man in the browser process begins with the establishment of the Trojan on the hard drive. The Trojan embeds in a file and is often hard to isolate. Once the Trojan is in place, the virus launches a transparent overlay on the browser that is unlikely to be detected.

Unlike more traditional phishing methods that employ links in the body of emails to direct users to fake web sites and prompt them to enter secure data, the man in the browser simply captures data as the user enters it. The user is completely unaware of that the data is being hijacked, since he or she is interacting with a legitimate site. The attack does not interfere with the transaction in any way at this point.

Ad

Once the data is captured, the entity that created and distributed the attack receives the collection of security codes, credit card numbers, or bank account login information and can begin to use it for a wide range of purposes. The victim may not be aware of the problem until several credit cards have been used or the balance in the checking account begins to drop unexpectedly.

Part of the frustration with a man in the browser attack is that the bug is very hard to detect and even harder to remove from the system. Unlike many other forms on intrusive viruses, the invader operates between the browser security protocols and the input of the user. This means that standard security measures normally will not even reveal the presence of the virus.

Ad

You might also Like

Recommended

Discuss this Article

anon29216
Post 1

"Once in place, the Trojan is in place, the virus launches a transparent overlay on the browser that is highly likely to be detected. "

Surely you don't mean 'unlikely to be detected'?

Post your comments

Post Anonymously

Login

username
password
forgot password?

Register

username
password
confirm
email