New Boy In The Browser Attacks On The Rise

  /     /     /  
Publicated : 22/11/2024   Category : security


New Boy In The Browser Attacks On The Rise


Researchers at Imperva identify proxy Trojan attack targeting banks, retailers, and Google thats a less-sophisticated knock-off of man-in-the-browser



SAN FRANCISCO, CA -- RSA Conference 2011 -- A new but familiar type of attack on the rise is a spin-off of the proxy Trojan, keylogger, and man-in-the-browser (MITB) attack. The boy-in-the-browser (BITB) attack -- so named as a less sophisticated form of MITB -- may be immature, but its efficient, easy, and targeting users visiting their banks, retailers, and even Google.
It reroutes a [victims] traffic without them being aware ... Its so effective because its quick to modify itself so antivirus cant detect it. Its great for a quick-hit attack, says Noa Bar-Yosef, senior security strategist with Imperva, which issued a security alert today on this attack technique that its researchers have spotted in the wild.
BITB is basically a dumbed-down MITB in which the attacker infects a user with its Trojan, either via a drive-by download or by luring the user to click on an infected link on a site. The Trojan reconfigures the victims hosts file and reroutes the victims traffic for a specific website -- say, a bank or an online retailer -- and to the attackers own server posing as that site. Then the BITB attacker can intercept or modify the transaction. Its difficult to detect, Bar-Yosef says, because the victim sees the same URL he or she was requesting.
Bar-Yosef says the BITB is a low-cost and relatively easy attack to wage. Nine Latin American banks have been targeted with this attack, and another attack went after Google for ad fraud. In the Google attack, the attackers basically reconfigured the search engine address of different Google regional URLs, such as www.google.co.uk, which was rerouted to the attackers URL that appeared similar to the Google page. When the victim searches on the Google site, the request is sent to the attackers server, thus letting the attacker collect ad clicks or steal the victims persistent cookies, for instance.
That particular BITM attack was uncharacteristically simple to detect because the page wasnt a perfect match to the legitimate Google site, Bar-Yosef says, but in most cases, there are no obvious clues with these attacks.
Impervas advisory on the attacks is
here
.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Boy In The Browser Attacks On The Rise