I am still reeling from the bipartisan idiocy of last night\u2019s Presidential debate, so I thought I\u2019d focus on something slightly less depressing: A major evolution of the Man-in-the-Browser attack. Trusteer, which discovered the enhanced attack,\u00a0elegantly understated the problem, saying,\u00a0\u201cThis development, which we are calling Universal Man-in-the-Browser (uMitB), is significant.\u201d\n\tThere are three things that unfortunately make the uMitB much more effective than its predecessor attacks:\n\t\n\t\tIt is able to gather data from any website someone visits and not just a specific list of sites. Plain old MitBs use\u00a0malware on someone\u2019s computer to monitor a list of targeted websites and then gather information only when users visit\u00a0them. The new beast collects data from all visited sites.\n\t\n\t\tNot only does the new UMitB attack\u00a0collect information from more places, it also parses that data to\u00a0automatically find\u00a0credit-card\u00a0and\u00a0social-security numbers and other sensitive data. Bad guys used to have to wade through massive data dumps to pull out the pertinent facts, which\u00a0slowed the process down and gave victims more time to discover the theft.\n\t\n\t\tThe uMitB also sends the sensitive data\u00a0to\u00a0thieves as soon as it collects it, thereby making the process even more efficient. In the past, hackers\u00a0received these massive unstructured logs only periodically,\u00a0further increasing\u00a0the amount of time it took for the\u00a0data to be put to use.\n\n\tThe folks at Trusteer, who have reportedly been tracking the new attack for several months, say it is the first time they\u2019ve seen the real-time parsing of stolen data.\n\tuMitB\u2019s ability to steal sensitive data without targeting a specific website and perform real-time post-processing removes much of the friction associated with traditional MitB attacks. For example, it could be used to automate card fraud by integrating with and feeding freshly-stolen information to card-selling websites. The impact of uMitBs could be significant since information stolen in real-time is typically much more valuable than \u201cstale\u201d information, and the attacks eliminate the complexities associated with current post-processing approaches.\n\tSo far Trusteer has only encountered uMitBs that target easily-defined strings, such as those for credit-card and Social-Security numbers. Trusteer Senior Security Strategist George Tubin told ThreatPost that he thinks the malware will evolve and eventually be able to find almost any type of data\u2013including usernames and passwords. Ruh roh.