跳到主体内容

Kaspersky Lab Has Patented Technology that Detects Man-in-the-Browser Attacks

2016年9月14日

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).

The technology is based on the use of special "scanning" web pages, which are integrated with a specific HTML code, to encourage malware to reveal its functions.

The creators of financial malware often modify HTML code for the websites of banks. When a client tries to open the necessary page, the malicious program detects this activity and modifies the design of various elements of the web pages (firstly, the input field), and then steals the authentication data entered, or changes the account numbers, to redirect where money is transferred.

Kaspersky Lab experts have developed a kind of ‘trap’- a banking page which has the hallmarks of different financial institution sites (the fragments of HTML code specific to the web pages of banks and payment systems). This technology is already widely used in Kaspersky Fraud Prevention Clientless Malware Detection, which was developed to prevent attempts to access customer bank accounts from infected devices. Once such a web page is opened from an infected device, the malicious program utilizing the Man-in-the-Browser technique will recognize it as the bank's website and try to make changes that will be immediately detected by the system.

"Considering the fact that Man-in-the-Browser technology is implemented by many families of banking trojans, our technology can be used in solutions to protect online banking, as an indicator of infection. If an attempt is made to embed HTML code, it’s highly likely that the user device is infected. Having detected such an attempt, the bank can block the transaction in time to protect its customer’s money from theft. We can also help the users affected by fraud to eliminate the consequences of infection with our specialist Kaspersky Fraud Prevention for Endpoints solution”, said Denis Gorchakov, senior fraud analyst at Kaspersky Fraud Prevention.

More details about Kaspersky Fraud Prevention Clientless Malware Detection are available here
Currently, Kaspersky Lab’s portfolio includes 450 patents issued in Russia, the US, the EU and China. In addition to that, over 320 patent applications are currently under consideration by the patent authorities in these countries.
The description of the technology and patent can be found on the USPTO website.

Kaspersky Lab Has Patented Technology that Detects Man-in-the-Browser Attacks

Kaspersky Lab has announced that it has been awarded a new patent from the United States, for a technology that counteracts the tricks of financial cybercriminals. The new technology detects the implementation of HTML code into a page opened by a client’s browser (Man-in-the-Browser attack).
Kaspersky logo

关于卡巴斯基

卡巴斯基是一家成立于1997年的全球网络安全和数字隐私公司。卡巴斯基不断将深度威胁情报和安全技术转化成创新的安全解决方案和服务,为全球的企业、关键基础设施、政府和消费者提供安全保护。公司提供全面的安全产品组合,包括领先的端点保护解决方案以及多种针对性的安全解决方案和服务,以及用于应对复杂和不断变化的数字威胁的网络免疫解决方案。全球有超过4亿用户使用卡巴斯基技术保护自己,我们还帮助全球200,000家企业客户保护最重要的东西。要了解更多详情,请访问www.kaspersky.com.cn.

相关文章 企业新闻