man in the browser

Man in the browser refers to an emerging tactic used by hackers to commit financial fraud... (Continued)

Man in the browser is a security attack where the perpetrator installs a Trojan horse on a victim's computer that's capable of modifying that user's Web transactions as they occur in real time. According to security expert Philipp Guhring, the technology to launch a man in the browser attack is both high-tech and high priced. Use of the tactic has been limited to financial fraud in most cases, due to the resources required. Both Firefox and Internet Explorer on Windows have been successfully targeted.

Many experienced Web users are aware of phishing scams, in which an unsuspecting user is directed to a fake Web site through a link in an e-mail or some other notification. A man in the browser attack, however, unlike phishing, occurs when the victim has entered the URL into the browser independently, without an external prompt. On the surface, transactions are taking place normally with expected prompts and password requirements.

A man in the browser attack is similar to the man in the middle tactic, in which an attacker intercepts messages in a public key exchange. The attacker then retransmits them, substituting bogus public keys for the requested ones. A man in the browser attack is more difficult to prevent and disinfect, however, because instead of occurring in a public exchange, the activity takes place between the user and the security mechanisms within that user's browser.

This was first published in August 2006

Continue Reading About man in the browser

Glossary

'man in the browser' is part of the:

View All Definitions

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close