"With the enhancements that banks have deployed in terms of authentication secur
ity on their online banking sites, phishing attacks are becoming less and less effective, and attacks of the ‘Man in the Browser’ type are set to increase," says Mikko Hypponen, the Chief Research Officer at F-Secure.
ity on their online banking sites, phishing attacks are becoming less and less effective, and attacks of the ‘Man in the Browser’ type are set to increase," says Mikko Hypponen, the Chief Research Officer at F-Secure. Unlike previous techniques, this type of malicious code is designed specifically for certain banking sites and will only become active when the user visits the site of his bank.
The "Man in the Browser" will intercept the the HTML code on the user’s browser, thus retrieving the victim’s the logging credentials (both login name and password). Later on, the information will be stored on an FTP site, waiting to be purchased by the highest bidder.
This type of malware proves to be a real headache for security developers. According to F-secure, it is recommended that users resort to security products based behavioral analysis, given the fact that the malware only reacts to certain sites.