Posted on 18-Dec-2014

Page 1: Man In The Browser

Man-In-The-Browser

Aras Tarhan Manos Dimogerontakis Mário Almeida Umit Buyuksahin

Page 2: Man In The Browser

OUTLINE

● Man-in-the-Browser Attack
● Method of Attack
● Banking Trojans
● Zeus
● Zeus Installation
● Zeus Configuration Files
● DEMO

Page 3: Man In The Browser

Man-in-the-Browser Attack

● Online phishers steal money from online customers
● Online customers are targeted with increasingly advanced methods
● One of the latest and most dangerous is Man-in-the-Browser
● The malicious code modifies actions performed by the computer user
● Then it steals confidential information
● These attacks cannot be detected by the user

Page 4: Man In The Browser

Method of Attack

● The trojan installs an extension into the browser configuration
● Whenever a page is loaded, the URL of the page is searched by the extension against a list of known sites targeted for attack
● When the handler detects a page-load for a specific pattern in its targeted list and the submit button is pressed, the extension extracts all data from all form fields

Page 5: Man In The Browser

Method of Attack (2)

● The browser sends the form, now including the values modified by the extension, to the server
● The server receives the modified values in the form as a normal request
● The server performs the transaction and generates a receipt
● The browser receives the receipt for the modified transaction and displays the modified receipt with the original details

Page 6: Man In The Browser

Banking Trojans

A number of Trojan families are used to conduct MITB attacks. Some MITB Trojans are so advanced that they have streamlined the process for committing fraud, programmed with functionality to fully automate the process from infection to cash out.

Some known banking trojans:
● Zeus
● Sinowal (Torpig)
● SpyEye
● Carberp
● Feodo
● Tatanga
● ...

Page 7: Man In The Browser

ZEUS

● aim is to steal credentials of the victim
● steals banking information by using keystroke logging and form grabbing methods
● first appearance 2007, became widespread in 2009 (about 3.6 million in the US)
● targets only Microsoft Windows OS
● used version: 2.0.8.9

Page 8: Man In The Browser

Evolution of ZEUS

● Version 2.0.0.0, 01.04.2010
  ○ fully compatible with previous versions
  ○ the installation process in the system was rewritten to send reports to the Control panel
  ○ full support for x32 (32-bit) applications on Windows x64
  ○ the name of the botnet is limited to 20 characters and can contain any international characters
  ○ complete support (as with wininet.dll) for working with nspr4.dll, but without HTTP-fakes
  ○ the configuration file is read in UTF-8 encoding

Page 9: Man In The Browser

Evolution of ZEUS

● Version 2.0.1.0, 28.04.2010
  ○ modified to bind to the user/OS
  ○ minor improvements to HTTP-injects
● Version 2.0.2.0, 10.05.2010
  ○ forced change of Mozilla Firefox security settings for normal HTTP-injects
● Version 2.0.3.0, 19.05.2010
  ○ in the configuration file,
    ■ added the option "StaticConfig.disable_tcpserver"
    ■ added the option "StaticConfig.remove_certs"
  ○ in the control panel, fixed a bug in the module "Botnet -> Bots"

Page 10: Man In The Browser

Evolution of ZEUS

● Version 2.0.5.0, 08.06.2010
  ○ fixed minor bugs in the HTTP-grabber
● Version 2.0.6.0, 22.06.2010
  ○ fixed an error resulting in HTTP-injects being disabled
● Version 2.0.8.0, 17.08.2010
  ○ new options added to the HTTP-inject parameters: "I" (case-insensitive URL comparison) and "C" (case-insensitive context comparison)
● Version 2.1.0.0, 20.03.2011
  ○ RDP + VNC BACKCONNECT added to connect remotely to the victim

Page 11: Man In The Browser

Zeus - Capabilities

● gets OS info
● does other things done by botnet scripts (like reboot, shutdown, log off and kill OS)
● takes screenshots
● sends a script to be executed
● searches files
● all orders and their states can be viewed on a control panel on the server

Page 12: Man In The Browser

Used Environments

● Virtual Machine
  ○ to add a significant layer of security and safety
  ○ both the Server and the Client to be hacked are installed on distinct Virtual Machines
  ○ used program: VirtualBox 4.1.6 for Windows hosts, Oracle
  ○ each of them has two network adaptors: Host-only to communicate between them and NAT for outside internet access
● Operating System
  ○ used program: Windows XP Service Pack 3, Microsoft
  ○ since the Zeus we obtained can be built on Windows

Page 13: Man In The Browser

Used Environments

● Server and Database
  ○ to manage bots inside victims
  ○ to receive the information from bots running on infected clients
  ○ to store the targeted data about the victim
  ○ used program: XAMPP 1.7.7 including
    ■ Apache 2.2.21
    ■ MySQL 5.5.16
    ■ PHP 5.3.8
    ■ phpMyAdmin 3.4.5

Page 14: Man In The Browser

Zeus Installation

Page 15: Man In The Browser

Demo

Page 16: Man In The Browser