Boy In The Browser

Boy In The Browser (BITB), another sophisticated Trojan that is going endanger today’s internet security is going to be the main theme of this post by ITSC. Just like MITB, the BITB works pretty similar to BITB just that it is a down grade version of MITB. For the readers who need further reference about MITB, you can refer to here. I would say that BITB is a little combination of MITB and MITM.

What are the impact?
BITB is not exactly like MITB. Although BITB still require to be injected into the victim’s internet browser before fully functional, but it does not work as smart as MITB after that. BITB will then redirect the traffic to another hosted server and therefore, the BITB attack requires two types of resources which is the Trojan code and a attacker-controlled server. These two resources is not a big deal as to setup an attacker-controlled server is just few clicks away with current technology’s automated tools and for the Trojan code, BITB is actually a short Trojan code and it is easy to write.

Comparing to MITB
MITB will intercept the victim’s connection and then modify any necessary information before passing to the server. BITB on the other half, will only redirect the traffic to an attacker-controlled server. Any modification will only be done at the attacker-controlled server. Hence, this make BITB code much more easier to write and less sophisticate than MITB. This however does not increase or decrease the rate of BITB detection as BITB is as hard to detect as MITB.

Why invest into BITB and how to prevent?
Let’s see MITB, it is tough to write this sort of sophisticated Trojan. While as mentioned above, BITB is much easier to write and it is just a short code. Although the cons of BITB here looks to be in need of another attacker-controlled server, but it is not hard to setup. Hackers with lower affordability in investment will definitely go for BITB. Last on the prevention of BITB, it is pretty advisable to use a dedicated PC that is solely for online banking to prevent any sort of Trojan or malware to sneak into it. Of course, there are more prevention method and you are interested to know more, you can visit one of the ITSC post here on the prevention of MITB attack.

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. Pwn2Own: Safari & IE8 Hacked, Firefox & Chrome Stand Strong
  2. Tatanga, Trojan That Robs Bank Account
  3. Man In The Browser
About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.

Speak Your Mind


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)