On Saturday 4th February 2012, BBC’s Click programme ran a story about crackers outwitting “online banking identity security systems”; a printed article can be found here.
The browser-in-the-midde attack works somewhat like a phishing scam, where your browser tricks you into providing personal information, which is harvested by the malicious code and sent to a cracker or other criminal. The malicious code could also perform a transaction without you knowing, stealing money from your bank account while covering up its tracks.
Browser in the middle attacks are often generated by a small piece of malware code which maybe download from a poisoned website unknowingly. Not all virus checkers detect and quarantine this new form of malicious code. This enables browser in the middle malware code to reside within the browser’s cache or elsewhere on your hard disk, waiting for an opportunity to be activated when you logon to your on-line banking provider. Continue reading