Source: Securitypark
The Boy in the Browser is a sophisticated trojan, a “dumbed-down” version of MitB. In essence, a BitB is a less mature version of the MitB trojan, hence the name.
With a BitB, the trojan takes control of the victim’s traffic and re-routes the information through an attacker’s proxy site. It is very difficult to detect since the victim’s address bar continues to present the address of the intended destination. For example, you as an infected victim are surfing to a bank’s website, but in fact, that traffic is sent to the attacker. Yet, on your browser, you continue to the bank’s normal website.
Once all traffic is re-routed via the attacker, the attacker can do whatever it wants with that data. For example:
* It can act as a proxy just logging sensitive information before passing the request on to the original destination.
* It can act as an “active” proxy modifying requests (for example, to transfer sum to a different bank account) before passing it on.
* Committing fraud schemes. For example, we have seen a scheme which defrauds Google.
This is a growing, resurging, trend amongst hackers, since, in short, it works. Since these trojans are so quick to evolve, anti-viruses do not always detect variants. More people fall prey to these attacks as they are so difficult to detect. Hackers have realized this and are continuing to release more and more variants of BitBs.
A Man in the Browser intercepts user requests and server responses while “sitting” on the victim’s browser. In effect, it listens directly on that communication. For example, when the victim is authenticated to the bank and requests a transfer from his checking account to savings account. The trojan may modify that request in order to make a transfer from the checking account to an account in the Ukraine.
Leave a Reply