Submission: Boy in the Browser attack (imperva.com)
Anonymous Coward writes: "Imperva published a security advisory (http://www.imperva.com/resources/adc/adc_advisories_Boy_in_the_Browser.html) on the 14th of February about a new malware attack technique called "boy in the browser". When the malware is executed, for example through a browser exploit, the hosts file is modified to re-map certain domain names to point at malicious servers. Once this is done, the malware removes itself from the system, leaving behind no obvious traces such as strange files, processes or start-up items, making the malware difficult to detect. The attack could result in a user unknowingly entering their details into fake websites, and it has already been used to target several Latin American banks.
Some anti-malware applications, such as Spybot Search & Destroy, provide an option to protect the hosts file; however, I don’t have this option available, so I created a lightweight program to watch for changes to the hosts file and display a notification balloon when a change is detected. The program and C# source code have been released at http://www.nickbloor.co.uk/2011/02/windows-hosts-file-monitor/"
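An added example, not part of the submission and not the linked C# monitor: because the malware described above deletes itself after editing the hosts file, a watcher that was not running at that moment sees nothing, but the remapped entries stay in the file and can be audited afterwards. This Python audit reports every name mapped to a non-loopback address; the sample file, domains and address are constructed placeholders, and `parse_hosts` and `audit_hosts` are names chosen here.

```python
import ipaddress

# Constructed sample: a default-looking Windows hosts file plus one remapped name.
# Domains and addresses are reserved placeholders (RFC 2606 / RFC 5737), not indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style entry
203.0.113.50    www.bank.example bank.example   # constructed remap
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address; skipped by this audit
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.rstrip(".").lower()

def audit_hosts(text, approved=frozenset()):
    """Return entries that send a name to a routable address not in `approved`."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and sinkhole entries cannot reach a remote server
        if (str(ip), name) in approved:
            continue  # mapping the administrator added deliberately
        findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents as `text` and any intentional mappings as `(ip, name)` pairs in `approved`.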