Man-in-the-browser

Man-in-the-browser (MITB, MitB, MIB, MiB), a troxy horse [1] that infects a web browser by taking If you’re a web browser, you’ll be able to use it. A MitB attack will be successful whether it is a security mechanism such as SSL / PKI and / or two or three-factor Authentication solutions are in place. A MitB attack may be counted by the out-of-the-band transaction, although it can be defeated by a man-in-the-mobile (MitMo) malware infection on the mobile phone. Antivirus software [2] with a 23% success rate against Zeus in 2009, [3] and [4] Report of the antivirus were needed. [4] A simple, bang-in-the-browser attack (BitB, BITB). In the survey, it’s worth noting.

Description
Augus Paes de Barros in his presentation. The name man-in-the-browser was coined by Philipp Gühring on 27 January 2007. [6]

There are a number of ways to enhance your browser’s browsing experience (for example in JavaScript), Browser Helper Objects (a feature limited to Internet Explorer) [6] Antivirus software can detect some of these methods. [2]

If you’re on the Internet, you’ll find out how to enter the browser. This bank, however, will receive instructions, i.e. If you’re a client, you’ll be safe. Authentication, by definition, is concerned with the validation of identity credentials. This should not be confused with transaction verification.

Examples
Examples of MitB threats are on different operating systems and web browsers:

Man-in-the-browser examples
Name Details Operating system Browser
Agent.DBJP [7] Windows IE, Firefox
Bugat [8] Windows IE, Firefox
Carberp targets Facebook users redeeming e-cash vouchers [9] Windows IE, Firefox
ChromeInject * [10] Greasemonkey impersonator [11] Windows Firefox
Clampi [12] Windows IE
Gozi [1] Windows IE, Firefox
Nuklus [2] [11] Windows IE
OddJob [13] keeps bank session open Windows IE, Firefox
Silentbanker [14] Windows IE, Firefox
Silon [15] Windows IE
SpyEye [16] successor of Zeus, widespread, low detection Windows IE, Firefox
Sunspot [17] widespread, low detection Windows IE, Firefox
Tatanga [18] Windows IE, Firefox, Chrome, Opera, Safari, Maxthon, Netscape, Konqueror
Torpig ** [15] Windows IE, Firefox
URLZone **** [1] Windows IE, Firefox, Opera
Weyland-Yutani BOT [19] crimeware kit similar to Zeus, not widespread [19] [20] Mac OS X Firefox
Yaludle [15] Windows IE
Zeus *** [12] widespread, low detection Windows IE, Firefox
Key Windows: IE Windows: IE & Firefox or Firefox Windows: other Mac OS X: any
* ChromeInject aka ChromeInject.A, ChromeInject.B, Banker.IVX, Inject.NBT, Bancos-BEX, Drop.Small.abw [10]
** Torpig aka Sinowal, Anserin [1]
*** Zeus aka ZeuS, Zbot, [21] Wsnpoem, [22] [23] NTOS, [3] PRG, [3] Kneber, [24] Gorhax [24]
**** URLZone aka Bebloh! IK, Runner.82176, Monder, ANBR, Sipay.IU, Runner.fq, PWS.y! Cy, Zbot.gen20, Runner.J, BredoPk-B, Runner.EQ
Protection
Out-of-band transaction verification
MitB attack is a process of verification. The MitB Trojan completes the channel; for example: an automated telephone call, SMS, or a dedicated mobile app with graphical cryptogram. [25] It is a three-factor authentication, it is a three-factor authentication, it can be used for the public domain (eg landline, mobile phone, mobile phone, etc.) non-repudiation level) and transaction verification. If you’re on the fly, you’ll be able to complete the transaction.

Man-in-the-mobile
Mobile phone mobile Trojan spyware man-in-the-mobile (MitMo) [26] can defeat OOB SMS transaction verification. [27]

ZitMo (Zeus-In-The-Mobile) is not a Trojan itself (although it performs the SMSes), it’s recommended that you use it. By intercepting all incoming SMSes, it will help you to opt for Windows Mobile, Android, Symbian, BlackBerry. [27] Antivirus running on the mobile device.
SpitMo (SpyEye-In-The-Mobile, SPITMO), is similar to ZitMo. [28]
Web fraud detection
For frauds, it will be accepted. [29]

Antivirus
Known Trojans can be detected, blocked by antivirus software. [2] In a 2009 study, the effectiveness of antivirus against Zeus was 23%, [3] and again low rates. [4] Report of the antivirus were needed. [4]

Hardened software
Secure Web Browser: [citation needed]. In this case, the security device rather than executing the "infected" browser has been released.
Browser security software: It can be blocked by in-browser security software such as Microsoft Windows XP [12] [11] [15]
Alternatives to Microsoft Windows like Android, iOS, Chrome OS, Windows Mobile, Symbian etc., and / or browsers Chrome , Opera. [30] Further protection can be achieved by running this CD, or Live USB. [31]
Related attacks
Proxy Trojans
Keyloggers are the most primitive type of proxy Trojans, followed by browser-session recorders that are the most sophisticated type. [1]

Man-in-the-middle
Main article: Man-in-the-middle
SSL / PKI etc. may be a man-in-the-middle attack, but he offers a man-in-the-browser attack.

Boy-in-the-browser
For example, it was a termed boy-in-the-browser (BitB or BITB). Malware is a man-in-the-middle attack. [Citation needed] Once the routing has been changed, the malware may completely remove itself.

Clickjacking
Main article: Clickjacking
Clickjacking tricks for a web browser.