The Man in The Browser: The Danger of Viruses

Published on: 01/03/2012

Viruses have come a long way since John von Neumann produced the first academic work on the theory of self-replicating computer code in 1949.  The first recorded PC virus, called Brain, was released in 1986 and was an example of a boot sector virus.  It infected a part of a floppy disk and simply added ‘© Brain’ to the label of an infected disk.

There is a misconception that viruses are written by teenagers in bedrooms as a kind of geek virility test.  At one time it was obvious if a machine was infected, as the virus would announce itself, either intentionally by displaying a message on the screen, or unintentionally by slowing the machine to a crawl or restarting it.

Modern-day malicious software (malware) is much more sophisticated, insidious and dangerous.  It is designed to hide in the machine quietly until it is triggered.  One of the latest manifestations is the Man in the Browser (MITB) attack, an example of financial malware.

The name Man in the Browser is derived from a more general type of malware called Man in the Middle (MITM).  This is designed to sit in a system and communicate with both user and system whilst fooling both ends into thinking they are communicating directly.  For example, one type of malware is designed to take control of an unencrypted wireless connection.  The router and computer think they are communicating directly with each other, but in reality control of the connection has been seized by the MITM malware which is now free to intercept anything transmitted over the wireless connection and forward it to a cyber-criminal elsewhere.

MITB software hijacks a web browser such as Internet Explorer, Firefox or Chrome and waits until the user logs onto a sensitive site, for example a bank.  It then modifies the login form so that, as well as the usual username and password characters, the form also contains fields for your PIN number, full password, etc.  This information is then sent on to the cyber-criminal.  The key thing with MITB attacks is that neither you nor your bank is aware that there is anything untoward.  Sophisticated MITB software will even wait for you to make an online payment, intercept it, and change the payee account and amount in the process.  When you check your statement online, the malware will have changed the payment details displayed back to those you entered in order to mask the fraud.

So how can you stop this happening?  There are a couple of steps you can take.

  • Make sure you have good internet security software on your machine and keep it updated.  The BBC tested a number of well-known security packages using a specially commissioned MITB attack and found that only a few, such as Bullguard, F-Secure and Kaspersky, detected the problem.  Others, including Norton 360, AVG and McAfee, did not.
  • If your online banking screen changes without warning, particularly if you are asked for more information than usual, contact your bank (by telephone) and ask them about it.  If your bank normally asks for certain characters of your password and suddenly starts asking for the whole word, you should be suspicious.
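
The "asked for more information than usual" warning sign can also be checked mechanically.  The following is an added example, not code from the BBC item or from this site: it compares the fields in a saved copy of a login form against the fields the genuine form is known to contain.  The field names, the baseline list and both sample forms are constructed for illustration.

```javascript
// Added example. Field names and both HTML snapshots are constructed.
// Assumed baseline: the controls the genuine login form is known to contain.
const EXPECTED_FIELDS = new Set(["csrf_token", "username", "pw_char_2", "pw_char_5", "pw_char_7"]);

const GENUINE_FORM = `
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="constructed">
  <input type="text" name="username">
  <input type="password" name="pw_char_2" maxlength="1">
  <input type="password" name="pw_char_5" maxlength="1">
  <input type="password" name="pw_char_7" maxlength="1">
  <input type="submit" value="Log in">
</form>`;

// Same form after tampering of the kind the article describes: extra prompts.
const TAMPERED_FORM = GENUINE_FORM.replace(
  '<input type="submit"',
  '<input type="password" name="pin">\n  <input type=\'password\' name=\'full_password\'>\n  <input type="submit"'
);

// Pull every form control out of the markup together with its attributes.
function extractFields(html) {
  const fields = [];
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  for (const tag of html.matchAll(tagRe)) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    for (const a of tag[2].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    fields.push({
      name: attrs.name || attrs.id || "(unnamed)",
      type: (attrs.type || "text").toLowerCase(),
    });
  }
  return fields;
}

// Report controls that are not in the baseline, and baseline controls that are gone.
function auditForm(html, expected = EXPECTED_FIELDS) {
  const seen = extractFields(html).filter((f) => !["submit", "button"].includes(f.type));
  const names = new Set(seen.map((f) => f.name));
  return {
    unexpected: seen.filter((f) => !expected.has(f.name)).map((f) => f.name),
    missing: [...expected].filter((n) => !names.has(n)),
  };
}

console.log(auditForm(GENUINE_FORM));
console.log(auditForm(TAMPERED_FORM));
```

A check like this is only trustworthy when run on a clean machine against a saved copy of the page, because malware that controls the browser can also alter any script running inside it.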

You can watch the BBC item about MITB attacks at http://news.bbc.co.uk/1/hi/programmes/click_online/9694004.stm

If you’d like to know more, feel free to visit www.amyboost.co.uk.

Please note: posts were written at a specific time and reflect the rules in place at that time, which may no longer be relevant. Furthermore, the posts are generic in nature. We cannot accept any responsibility for any losses in respect of actions taken on the strength of this generic advice. We would advise you to seek up to date advice which is relevant to your circumstances.