The MitB Trojan works by utilising common facilities provided to enhance Browser capabilities such as Browser helper Objects, Extensions and User scripts etc., and is therefore virtually undetectable to virus scanning software.[2]

In an example exchange between user and host, e.g. an Internet banking transaction such as a funds transfer, the customer will always be shown, via confirmation screens, the exact payment information as keyed into the browser. The bank, however, will receive a transaction with materially altered instructions, i.e. a different destination account number and possibly amount. The use of strong authentication tools simply creates an increased level of misplaced confidence on the part of both customer and bank that the transaction is secure. Authentication, by definition, is concerned with the validation of identity credentials. This should not be confused with transaction verification. An example of a MitB threat is Silentbanker.[3]

Part of the frustration with a man in the browser attack is that the bug is very hard to detect and even harder to remove from the system. Unlike many other forms on intrusive viruses, a man in the browser invader operates between the browser security protocols and the input of the user. This means that standard security measures normally will not even reveal the presence of the man in the browser virus.


PDF download about dealing with it: http://download.entrust.com/resource...010.pdf/?start