The IT Law Wiki

Session hijacking


Definition

Session hijacking is

an attack in which a legitimate user session is commandeered. In a session hijacking attack, a user's activities are monitored, typically by a malicious browser component. When the user logs into his or her account, or initiates a transaction, the malicious software "hijacks" the session to perform malicious actions, such as transferring money, once the user has legitimately established his or her credentials.[1]

Overview

"Session hijacking can be performed on a user's local computer by malware, or can also be performed remotely as part of a man-in-the-middle attack. When performed locally by malware, session hijacking can look to the targeted site exactly like a legitimate user interaction, being initiated from the user's home computer."[2]

References

  1. The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, at 10.
  2. Id.
