The IT Law Wiki

Session hijacking


Definition

Session hijacking is

an attack in which a legitimate user session is commandeered. In a session hijacking attack, a user's activities are monitored, typically by a malicious browser component. When the user logs into his or her account, or initiates a transaction, the malicious software "hijacks" the session to perform malicious actions, such as transferring money, once the user has legitimately established his or her credentials.[1]

Overview

"Session hijacking can be performed on a user's local computer by malware, or can also be performed remotely as part of a man-in-the-middle attack. When performed locally by malware, session hijacking can look to the targeted site exactly like a legitimate user interaction, being initiated from the user's home computer."[2]

References

  1. The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, at 10.
  2. Id.
