You get a bonus - 1 coin for daily activity. Now you have 1 coin

Man-in-the-browser

Lecture



Man-in-the-browser (MITB, MitB, MIB, MiB), a troxy horse [1] that infects a web browser by taking If you’re a web browser, you’ll be able to use it. A MitB attack will be successful whether it is a security mechanism such as SSL / PKI and / or two or three-factor Authentication solutions are in place. A MitB attack may be counted by the out-of-the-band transaction, although it can be defeated by a man-in-the-mobile (MitMo) malware infection on the mobile phone. Antivirus software [2] with a 23% success rate against Zeus in 2009, [3] and [4] Report of the antivirus were needed. [4] A simple, bang-in-the-browser attack (BitB, BITB). In the survey, it’s worth noting.


Description
Augus Paes de Barros in his presentation. The name man-in-the-browser was coined by Philipp Gühring on 27 January 2007. [6]

There are a number of ways to enhance your browser’s browsing experience (for example in JavaScript), Browser Helper Objects (a feature limited to Internet Explorer) [6] Antivirus software can detect some of these methods. [2]

If you’re on the Internet, you’ll find out how to enter the browser. This bank, however, will receive instructions, i.e. If you’re a client, you’ll be safe. Authentication, by definition, is concerned with the validation of identity credentials. This should not be confused with transaction verification.

Examples
Examples of MitB threats are on different operating systems and web browsers:

Man-in-the-browser examples
Name Details Operating system Browser
Agent.DBJP [7] Windows IE, Firefox
Bugat [8] Windows IE, Firefox
Carberp targets Facebook users redeeming e-cash vouchers [9] Windows IE, Firefox
ChromeInject * [10] Greasemonkey impersonator [11] Windows Firefox
Clampi [12] Windows IE
Gozi [1] Windows IE, Firefox
Nuklus [2] [11] Windows IE
OddJob [13] keeps bank session open Windows IE, Firefox
Silentbanker [14] Windows IE, Firefox
Silon [15] Windows IE
SpyEye [16] successor of Zeus, widespread, low detection Windows IE, Firefox
Sunspot [17] widespread, low detection Windows IE, Firefox
Tatanga [18] Windows IE, Firefox, Chrome, Opera, Safari, Maxthon, Netscape, Konqueror
Torpig ** [15] Windows IE, Firefox
URLZone **** [1] Windows IE, Firefox, Opera
Weyland-Yutani BOT [19] crimeware kit similar to Zeus, not widespread [19] [20] Mac OS X Firefox
Yaludle [15] Windows IE
Zeus *** [12] widespread, low detection Windows IE, Firefox
Key Windows: IE Windows: IE & Firefox or Firefox Windows: other Mac OS X: any
* ChromeInject aka ChromeInject.A, ChromeInject.B, Banker.IVX, Inject.NBT, Bancos-BEX, Drop.Small.abw [10]
** Torpig aka Sinowal, Anserin [1]
*** Zeus aka ZeuS, Zbot, [21] Wsnpoem, [22] [23] NTOS, [3] PRG, [3] Kneber, [24] Gorhax [24]
**** URLZone aka Bebloh! IK, Runner.82176, Monder, ANBR, Sipay.IU, Runner.fq, PWS.y! Cy, Zbot.gen20, Runner.J, BredoPk-B, Runner.EQ
Protection
Out-of-band transaction verification
MitB attack is a process of verification. The MitB Trojan completes the channel; for example: an automated telephone call, SMS, or a dedicated mobile app with graphical cryptogram. [25] It is a three-factor authentication, it is a three-factor authentication, it can be used for the public domain (eg landline, mobile phone, mobile phone, etc.) non-repudiation level) and transaction verification. If you’re on the fly, you’ll be able to complete the transaction.

Man-in-the-mobile
Mobile phone mobile Trojan spyware man-in-the-mobile (MitMo) [26] can defeat OOB SMS transaction verification. [27]

ZitMo (Zeus-In-The-Mobile) is not a Trojan itself (although it performs the SMSes), it’s recommended that you use it. By intercepting all incoming SMSes, it will help you to opt for Windows Mobile, Android, Symbian, BlackBerry. [27] Antivirus running on the mobile device.
SpitMo (SpyEye-In-The-Mobile, SPITMO), is similar to ZitMo. [28]
Web fraud detection
For frauds, it will be accepted. [29]

Antivirus
Known Trojans can be detected, blocked by antivirus software. [2] In a 2009 study, the effectiveness of antivirus against Zeus was 23%, [3] and again low rates. [4] Report of the antivirus were needed. [4]

Hardened software
Secure Web Browser: [citation needed]. In this case, the security device rather than executing the "infected" browser has been released.
Browser security software: It can be blocked by in-browser security software such as Microsoft Windows XP [12] [11] [15]
Alternatives to Microsoft Windows like Android, iOS, Chrome OS, Windows Mobile, Symbian etc., and / or browsers Chrome , Opera. [30] Further protection can be achieved by running this CD, or Live USB. [31]
Related attacks
Proxy Trojans
Keyloggers are the most primitive type of proxy Trojans, followed by browser-session recorders that are the most sophisticated type. [1]

Man-in-the-middle
Main article: Man-in-the-middle
SSL / PKI etc. may be a man-in-the-middle attack, but he offers a man-in-the-browser attack.

Boy-in-the-browser
For example, it was a termed boy-in-the-browser (BitB or BITB). Malware is a man-in-the-middle attack. [Citation needed] Once the routing has been changed, the malware may completely remove itself.

Clickjacking
Main article: Clickjacking
Clickjacking tricks for a web browser.

created: 2014-08-31
updated: 2021-04-20
132553



Rating 9 of 10. count vote: 2
Are you satisfied?:



Comments


To leave a comment
If you have any suggestion, idea, thanks or comment, feel free to write. We really value feedback and are glad to hear your opinion.
To reply

Cryptanalysis, Types of Vulnerability and Information Protection

Terms: Cryptanalysis, Types of Vulnerability and Information Protection