Tuesday, November 27, 2007

uh oh

In this story, they're referencing something similar to a 'man in the middle' attack. Picture you're playing a game of 'phone' as a kid. You have a soup can, and so does your friend. They're connected by a long piece of string and you talk to each other through the cans. This is where a 'man in the middle' attack takes place - the fraudster would be in the middle of the string listening to your conversation.


'Man in the browser' is new threat to online banking
Traditional anti-malware software not likely to catch these threats quickly


November 27, 2007 (Computerworld UK) -- Criminals infecting PCs with malware that is only triggered when they access their bank accounts are the latest threat to online banking, according to security software supplier F-Secure.

Perpetrators act as a 'man in the browser' by intercepting HTML code in the Web browser. As bank security measures curb more traditional threats such as keystroke logging, phishing and pharming, F-Secure warned, the 'man in the browser' attack will increase.

Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder.
