By Abhay Bhargav
The first thing that most of us do when we switch on our computers is immediately click on an icon that is titled Internet Explorer, Mozilla Firefox or Google Chrome. These web browsers are our windows to the Internet.
A Web Browser is defined as a programme that retrieves, presents and allows us to traverse information on the Internet.
We check our e-mail, shop online and carry out all our activities on the Internet using this software that is indispensable. However, attackers have become aware of this powerful tool used by millions of people everyday to perform their daily activities on the Internet.
They use some deadly attacks to turn your everyday web browser against you.
This is the 'Man-in-the-Browser' attack.
The attacker downloads a programme onto your computer that installs an extension (Trojan/malicious code) on your browser. This extension records your activities on the Internet and reports the results to an attacker who controls them remotely.
For instance, let us assume that you do banking over the Internet and your browser has been 'hooked' by an attacker. The attacker installs software that might record your Internet banking username and password and hack your bank account.
This is just the tip of the iceberg.
The attacker can compromise your browser and subsequently may be able to compromise your entire computer and all the data contained within. The browser extension installed by the attacker can even intercept messages that are secured with SSL/HTTPS as it has already compromised your browser.
In 2010, the Zeus Trojan installed key-logging software on computers to steal banking details such as usernames and passwords.
This Trojan wreaked havoc on 196 countries, infecting millions of computers.
Tips to secure against Man-In-The-Browser attack
Ensure that your anti-virus definitions are up-to-date with the latest virus definitions, because these attacks constantly evolve and only an updated anti-virus is capable of defending against multifarious threats.
Evaluate whether your anti-virus product secures your computer against browser and web malware.
Install the latest versions of web browsers.
Attackers find it easier to penetrate older, more insecure versions of browsers because they are lax on security. For instance, Internet Explorer version 6 is considered an older and insecure browser.
Update your operating systems with automatic security updates on a regular basis.
Ensure that you are using legal versions of operating systems on your computer and the automatic updates feature is operational. In fact, security updates prevent the occurrence of attacks that can compromise the entire computer.
Do not browse unknown web sites or web sites that are 'known-bad'.
Modern browsers warn the user that he/she is browsing a web site that might harm their computer. Please heed your browser 's advice and stay away from such sites.
Attackers commonly send links in phishing e-mails that say 'Click here to collect your winnings!' or similar.
Once the user clicks on said link, he/she is redirected to another site, which installs the malicious software and compromises the browser.
The author is chief technology officer, we45 Solutions India Pvt. Ltd. we45.com
2 comments:
I have bookmarked your blog, the articles are way better than other similar blogs.. thanks for a great blog! Search Bar Firefox 57 Quantum addon
In fact, security updates prevent the occurrence of attacks that can compromise the entire computer. 250-438 exam dumps
Post a Comment