Please wait while the page is being loaded Skip this advertisement >
ARN

'Man in the browser' is new threat to online banking

'Man in the browser' attacks will increase just as banks are curbing keystroke logging, phishing and pharming
Computerworld UK staff (Computerworld UK)  27 November, 2007 15:10:50
Have your say!
Add to Google

Hackers infecting PCs with malware that is only triggered when they access their bank accounts, is the latest threat to online banking, according to security software supplier F-Secure.

Hackers are acting as a 'man in the browser' by intercepting HTML code in the web browser. As bank security measures are curbing more traditional threats such as keystroke logging, phishing and pharming, F-Secure warned the 'man in the browser' attack will increase.

Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder.

Security products using behavioral analysis were the best solution against such attacks, because the malware was only distributed to the users of specific banking sites, said Mikko Hypponen, chief research officer at F-Secure. This meant anti-malware software vendors were unlikely to be able to quickly release codes to tackle all the new threats.

Following the enhancements that banks have made to authentication on their websites, "phishing attacks are becoming less and less effective and attacks of the 'Man in the Browser' are set to increase", he warned.

Comments

Post new comment

Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Syndicate content
Careerone Job Search
Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate
Advertisers Click here to advertise your jobs to thousands of job seekers monthly.
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Community Comments
Most Commented
ARN Library


Read Material

RSA - Where Online Fraud is Going

Where Online Fraud is Going: An Insight into Emerging Threats and Changing Fraud Patterns The basic workings of online fraud can be directly correlated to “ real-world” crime.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.
Sponsored Links