man in the browser

Many experienced Web users are aware of phishing scams, in which an unsuspecting user is directed to a fake Web site through a link in an e-mail or some other notification. A man in the browser attack, however, unlike phishing, occurs when the victim has entered the URL into the browser independently, without an external prompt. On the surface, transactions are taking place normally with expected prompts and password requirements.

A man in the browser attack is similar to the man in the middle tactic, in which an attacker intercepts messages in a public key exchange. The attacker then retransmits them, substituting bogus public keys for the requested ones. A man in the browser attack is more difficult to prevent and disinfect, however, because instead of occurring in a public exchange, the activity takes place between the user and the security mechanisms within that user's browser.

Read more about man in the browser: - In this paper, Philipp Guhring explains man in the browser and suggests countermeasures. - Covelight Systems offers a solution that can protect computers against emerging attack forms.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Malware, Viruses, Trojans and Spyware,   Information Security Threats,   Emerging Information Security Threats,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT How to defend against rogue DHCP server malware Rogue DHCP server malware is a new twist on an old concept. The good news is that defenses exist; the bad news is that many organizations haven't... New Trojan stealing FTP credentials, attacking FTP websites A new Trojan has collected up to 80,000 unique FTP server logins and is injecting malicious code into thousands of FTP websites. Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths Security researchers report malicious spam, poisoned search engine results just hours after the deaths of pop star Michael Jackson and actress Farrah...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... directory traversal  (SearchSecurity.com) Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the...