Afraid of Infections? Beware of The 'Man In The Browser'!

Security vendor F-Secure today reported that a new technique is being used by the attackers aiming to compromise users' computers and steal their sensitive information. Codename 'Man in the Browser', the new type of attack attempts to install a malicious file on the systems and remain inactive until the victim loads a bank website. Because it is only supposed to steal financial details, the dangerous code is meant to be triggered once the user enters his username and password on this kind of webpages.

"This type of malware is capable of retrieving the information (login and password) that is entered by the web user on the real web page of the bank site by intercepting the HTML code on his web browser," F-Secure explained. After the credentials are stolen, the details are uploaded on a FTP server owned by the attacker which will be accessed at a later time. The interesting fact is that most attackers aim to steal the information over the web to the highest bidder interested in it. "This personal data is then sent directly to an FTP site where the cyber criminal stores it, before selling it on to the highest bidder on other web sites used by cyber-criminals."

In case you're wondering how to protect your computer, it's pretty easy to do it by installing a powerful antivirus technology that provides detection for malicious codes installed on the system.

"With the enhancements that banks have deployed in terms of authentication security on their online banking sites, phishing attacks are becoming less and less effective, and attacks of the 'Man in the Browser' type are set to increase", says Mikko Hypponen, the Chief Research Officer at F-Secure.

In case your computer is vulnerable because you didn't install any security application such as an antivirus, you can take one straight from Softpedia.