BITB Assaults Getting Aggressive, Cautions Imperva
The attack technique known as BITB (Boy-in-the-Browser), which security firm Imperva uncovered in early 2011, is apparently evolving, with online criminals concentrating on ways to bypass traditional anti-malware programs.
According to Tomer Bitton of Imperva's Application Defense Center, many people know about MITB (Man-in-the-Browser) attacks, but most are unaware of the less well-known Boy-in-the-Browser attacks. BITB attacks are not as sophisticated as MITB; rather, the malware is an evolution of conventional keyloggers and browser-session recorders. With BITB Trojans recently surging and targeting Chilean banks and their account holders, it is evident that these attacks are gaining momentum and consistently bypassing IT security software, Bitton adds. Security Park reported this on June 7, 2011.
According to Bitton, a BITB attack begins with a plain, innocuous-looking phishing e-mail that lures the end-user into clicking a link to a website for additional details. The site does not typically ask the user for personal information; instead, it prompts him to download the latest version of Adobe Flash in order to view the site.
Bitton explains that most end-users are deceived into believing this and follow the link. He adds that instead of Flash, what they actually download is malware.
Once loaded, the Trojan copies itself into the PC's registry, after which it prompts the end-user to run the program; the program survives a restart of the machine and effectively infects the system. To evade detection, the Trojan creates a new 'hosts' file and sets it read-only. It then adds its own entries to that file, which maps hostnames (URLs) to IP addresses.
Bitton further observes that the next time the end-user attempts to connect to banking software or a widely used website, the Trojan redirects him to a copycat site controlled by cyber-criminals. Users can hardly tell the difference, he adds, and so their credentials are deceptively captured. InfoSecurity published this on June 7, 2011.
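The redirection described above leaves a visible trace on the infected machine: a hosts file that maps a bank's hostname to a routable address instead of loopback, often with the read-only attribute set. The checker below is an added example (not code from the article or from Imperva) that parses hosts-file text, skips comments, and reports every hostname pointed at a non-local address, marking names on an assumed watchlist separately; it also reports whether the file's owner-write bit is clear, which on Windows reflects the read-only attribute. The sample hosts contents, the `examplebank.test` names, the 203.0.113.x addresses and the `WATCHLIST` are all constructed for this example, not real indicators.

```python
# Added example: detect hosts-file redirects of the kind a BITB Trojan installs.
# Not part of the article; names, addresses and watchlist are constructed.
import ipaddress
import os
import stat
from typing import Dict, List, Tuple

# Constructed sample hosts-file contents (documentation/test values only).
SAMPLE_HOSTS = """\
# Default entries
127.0.0.1       localhost
::1             localhost
# The two lines below are the kind of entry a hosts-file hijack adds
203.0.113.45    www.examplebank.test
203.0.113.45    online.examplebank.test
127.0.0.1       ads.example.test    # loopback sinkhole, not a redirect
"""

# Assumed watchlist of sensitive hostnames (constructed for this example).
WATCHLIST = {"www.examplebank.test", "online.examplebank.test"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, skipping comments."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: address without any hostname
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_local(ip: str) -> bool:
    """True for loopback/unspecified addresses, the only targets a benign
    hosts entry normally uses (for example to sinkhole ad or telemetry names)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as non-local, i.e. suspicious
    return addr.is_loopback or addr.is_unspecified


def find_redirects(text: str, watchlist=WATCHLIST) -> Dict[str, Tuple[str, str]]:
    """Map each hostname pointed at a routable address to (ip, category).

    category is 'watchlist' for names on the sensitive list and 'other' for
    any other name, since a legitimate hosts file rarely needs to send a
    public hostname to a remote address at all.
    """
    findings: Dict[str, Tuple[str, str]] = {}
    for ip, name in parse_hosts(text):
        if is_local(ip):
            continue
        category = "watchlist" if name in watchlist else "other"
        findings[name] = (ip, category)
    return findings


def is_read_only(path: str) -> bool:
    """True when the owner write bit is clear; on Windows, Python derives this
    from the file's read-only attribute."""
    mode = os.stat(path).st_mode
    return not (mode & stat.S_IWUSR)


def check_hosts_file(path: str) -> Dict[str, Tuple[str, str]]:
    """Read a hosts file from disk and return its suspicious redirects."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_redirects(fh.read())


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # e.g. C:\Windows\System32\drivers\etc\hosts or /etc/hosts
        path = sys.argv[1]
        print("read-only:", is_read_only(path))
        for name, (ip, cat) in check_hosts_file(path).items():
            print(f"{cat:9} {name} -> {ip}")
    else:
        for name, (ip, cat) in find_redirects(SAMPLE_HOSTS).items():
            print(f"{cat:9} {name} -> {ip}")
```

Run it with no arguments to see the two constructed bank entries reported, or pass the path of a real hosts file to scan it. Loopback entries are deliberately ignored because ad-blocking and development setups use them legitimately; the signal worth alerting on is a public hostname mapped to a remote address, together with an unexpected read-only flag on the file.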
» SPAMfighter News - 16-06-2011