Bugtraq mailing list archives

Re: Defeating Citibank Virtual Keyboard protection using screenshot method


From: Gadi Evron <ge () linuxbox org>
Date: Wed, 9 May 2007 12:56:32 -0500 (CDT)

On 7 May 2007 yashks () gmail com wrote:
> Severity: Critical

Erm, you do realize malware has been doing this for a long long time now,
right?

Virtual keyboards come as a solution for fighting one type of phishing and
one type alone. OCR or screenshots of mouse position on-click, for
example, are happening daily.

In most cases, it isn't really required to take screenshots:
http://blogs.securiteam.com/index.php/archives/678

        Gadi.



> Platforms Affected:
>
> Microsoft Corporation: Windows 98 Any version
> Microsoft Corporation: Windows Me Any version
> Microsoft Corporation: Windows XP Any version
> Microsoft Corporation: Windows 2000 Any version
> Microsoft Corporation: Windows 2003 Any version
> Microsoft Corporation: Windows NT 4.0 Any version
> Citi-Bank: Citi-Bank Virtual Keyboard Any version
>
> Browsers:
> Microsoft Internet Explorer Any version
> Mozilla FireFox Any version
> Any browser runs on Win32 platform ( With slight modification )
>
> Original URL : http://www.tracingbug.com/index.php/articles/view/23.html
>
> Regards,
> Yash K.S <yashks () gmail com > | www.tracingbug.com


