“As malware becomes more prevalent on end-user devices, criminals are devising new ways to exploit these compromised machines. One of the latest threats is parameter injection.
In parameter injection, the malware intercepts the html associated with the website before it is displayed on the end-user’s machine. The html is modified so that new parameters are shown to the user. These parameters request personal information from the end user in an innocuous way. Silver Tail’s Parameter Injection threat score identifies when there are extra parameters in the http stream returned to the banking website. This can be used to determine when an end user’s machine is infected and whether or not any personal information was lost.”