Man-in-the-Browser (“MITB”) attacks bypass all cryptographic mechanisms against interference, including, but not limited to, passwords, credentials, encryption, and SSL, by taking over the interface between the user (i.e., the client) and the website (i.e., the server). These attacks cause significant damage and are easy to code and deploy.
Data that leaves a client computer/device is vulnerable to a wide array of attacks, including, but not limited to, unauthorized collection of data, spoofing attacks, sniffing attacks, phishing attacks, password compromises, and attacks against client users and server information repositories. Personal computer users scan for compromises with antivirus applications that are only minimally effective. On the institutional level, risk managers look for abnormal transaction patterns to detect online fraud. Thus, attacks are currently undetectable if they fail to trigger antivirus warnings or abnormal transaction alerts.
A MITB attack circumvents standard user defenses while making it easy for adversaries to automate attacks. MITB attacks, including but not limited to those enabled by the Zeus toolkit, often go further than watching what occurs in browsers. These attacks frequently impersonate the user or alter data before it is displayed to the user. Client defenses currently require individualized surveillance of target machines and consist of eliminating or thwarting attacks only as they are detected.