March 7, 2011
Niles Nerd

Boy in the Browser Attacks

[this post is from Nerd Dennis Houseknecht]
There has been a recent increase in an attack known as “Boy in the Browser”, or BitB. It is a bit like the classic “Man in the Middle”, or MitM attack, but much simpler and easier to execute. These attacks are often targeted and can be very stealthy.
The BitB trojan simply redirects users who attempt to navigate to one or more specific websites – usually by placing entries in the hosts file that point those site names at the attacker’s malicious server. As you probably all know, Windows checks the hosts file before making DNS queries. Because only the name resolution is changed, the browser still shows the correct URL. If the connection uses SSL, the user will see a certificate error, but many users do not understand these and click through them.
It has become very easy to build very realistic copies of websites, so users will often see exactly what they expect. In other cases, the connection is forwarded to the site the user was looking for, but the traffic can be sniffed or recorded.
You can disable the hosts file by making it read-only, or by using this hosts file management tool. You can also initiate some casual, comfortable conversation with Clients about certificate errors in browsers and what they mean.
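One way to audit a hosts file for the kind of redirect entries described above, as an added example that is not part of the original post. The sample entries, the function names and the `known_good` allowlist are assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample hosts file (illustrative names and addresses only).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.tracker.example            # sinkhole entry
203.0.113.45   www.bank.example bank.example  # unexpected redirect
192.168.1.20   fileserver.corp.example        # known intranet mapping
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a usable mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]

def suspicious_entries(text, known_good=None):
    """Return (line_no, ip, hostname) for mappings that need review.

    known_good maps hostname -> expected IP string (hypothetical allowlist).
    """
    known_good = known_good or {}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and sinkhole entries do not reach a remote server
        for name in names:
            if known_good.get(name) != str(ip):
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    # Default is the standard Windows location; pass another path to override.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, ip, name in suspicious_entries(fh.read()):
            print(f"line {line_no}: {name} -> {ip}")
```

An allowlisted name is still reported if its address no longer matches the expected one, so a tampered intranet mapping shows up as well.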
