Security firm F-secure reports that hackers are implanting malware into browsers that trigger only when users access banking sites. These attacks that specifically target several banks are harder to tackle with generic patches.
Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder.
Man-in-the-middle attacks, a variation of which is the Man-in-the-browser attack, circumvents encryptions-based security by eavesdropping into the communication between trusted clients. While the clients are unaware that there is eavesdropping going on in the network, the malicious agent is free to tamper data that passes between the clients.
While the article notes that behavioral analysis would help prevent such attacks, products from firms such as KeyID are relevant as they help ensure that no other agent eavesdrops on a communication channel between two clients, i.e. only one SSL (Secure Socket Layer) connection exists.
The method used by KeyID adds an additional layer of authentication over the secure channel and even if the channel is hacked, the ID exists only for the session.