Universal Man in the Browser Attack Targets All Websites

Posted: November 12, 2012 in IT Security News, Vulnerability News
Tags: , ,

Universal Man in the Browser Attack

Researchers have discovered a new type of attack: man-in-the-browser

Universal Man-in-the-Browser attack is by introducing malicious extensions for web-browser.

According to the experts on information security from antivirus company Trusteer, the researchers discovered a new type of virus attacks – universal attack man-in-the-browser (Universal Man-in-the-Browser). According to them, the universal design, this method is the use of a Trojan application that resides in the web-browser malware victims extension runs when you restart the browser.

Note that this attack is not a “universal” design is the capture user is directed to a specific web-site (usually a bank). This allows hackers to modify the appearance of a portal, kidnap victim, or authentication data transferred by the user to redirect funds to a third-party account.

Otherwise, mark in Trusteer, when virus writers spend a universal attack man-in-the-browser, under the attacker’s control, without exception, gets all the traffic of the compromised system, not just one that is addressed to a specific web-resource.

Among other things, it allows you to set a malicious web-browser extension to collect all the data entered by the victim on any web-sites. In this case, the criminals do not need to further process the information collected, as the attack is carried out in real time.

Note that experts published in the appropriate YouTube videos that demonstrate the application of Universal Man-in-the-Browser:

 

“Almost each of the IT technology similar story happened. SMTP protocol devised with a view to delivery reliability, but of unsolicited messages (spam) is not thinking. Then it was too late to change everything. Memory access for programs not supplied authentication mechanisms for speed and versatility. And that lived nearly half of all vulnerabilities, “– says in his blog, the expert from the company InfoWatch Nikolai Fedotov.

You can view the Trusteer’s report here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s