The term “man-in-the-middle attack” might not ring a bell for most people because this attack is one of those extremely rare incidents. They are presented in the form of certificate warnings every time a victim visits a site on secure connection. And yes, this can even be experienced in social media and popular sites like Google, Facebook and Twitter. Although helpdesk services on how to remove the malware and combat the attack are available, it’s safe to follow some precautions to prevent this.
More About Man-In-The-Middle Attack
A man-in-the-middle attack can happen to anyone. It is composed of a combined malware and Trojan installation but might appear as an SSL issue. If you see any correct certificate warning, be alerted and do not simply click any button to accept it. Recently, there are reports and investigations going on saying that there’s a self-signed certificate claiming to be from “Thawte.” If you are not familiar with this, you can be an instant victim! At one quick glance from Google results, you can learn that Thawte is one of the major CA trademarks owned by Symantec. However, this certificate was never issued by them.
The implication is that the suspect does not want himself to be known, as he presented himself as a poser to trick the public netizens. When users make the mistake of accepting the certificate, they will be subject to some consequences of malicious intentions.
Affected sites vary in factors and this is regardless of the physical location and the network. Fortunately, a forum member named Sam Van den Vonder has taken a sample of the malware attack and forwarded it to Symantec and Microsoft for further investigation and analysis. What resulted was that the malware is classified as a Trojan horse, specifically the Tatanarg variant named Trojan.Tatanarg.B.
Folks at these groups have suspected that this malware attack has been formed and spread to steal personal information, particularly banking information. Through the man-in-the-middle tactic, these culprits can have the ability to step into the HTTPS connections to websites and playact them as a server. When an independent server connection is made from the user’s end, the user will see an acceptance of security certificate. Once clicked to accept, the malware can receive feeds from whatever the user is visiting and entering on web pages. It’s possible then to get user information and credentials including passwords and bank account information.
Symantec and Microsoft have seen that there’s not only one Trojan that’s bothering users at this time but many more. When users fail to know about this immediately, their money in banks could be transferred to the suspect. The best protection is to not click any of these untrusted certificates or just to process reinstallation of the computer’s operating system.
Getting more technical, it’s also advisable to always encrypt any data that you pass to other servers and sites. In this way, hackers and malicious guys won’t be able to decrypt them and take advantage of them for the wrong reasons.
Nowadays, as technical movements are improving, the attacker or the bad guys also have improved tactics to spoil your day. Whether it be stealing money from your backdoor or doing other things to ruin your identity online, you should prevent such schemes by changing your passwords often (if you don’t know your computer is already affected). When logging on to sites which require confidential information, make sure that you are not using a public network to avoid such costs. Fake security certificates are still now in circulation. Another safety step is to disable all your browser plugins and enable them only as needed.
Author: Mishka Tolentino is a business student at University of Westminster. She is a freelance writer, web enthusiast and social advocate. She spends her free time listening to classical music and taking snapshots. Follow her on twitter @mishkatolentino.
Small Biz Club is the premier destination for small business owners and entrepreneurs. To succeed in business, you have to constantly learn about new things, evaluate what you’re doing, and look for ways to improve—that’s what we’re here to help you do.