Full Disclosure mailing list archives

RE: Defeating Citi-Bank Virtual Keyboard Protection


From: <fractalg () highspeedweb net>
Date: Sat, 6 Aug 2005 01:35:16 +0100

Hi,
 
> As per my knowledge, there are no such keyloggers or spyware which use
> any technique to defeat virtual keyboards.
> However, the technique that I am going to discuss here can be used by
> malicious program writers to write next generation viruses / worms to
> defeat such virtual keyboard protections.
> Hence, I hope people who are using Virtual Keyboards shouldn't stay very
> over-confident.

Very wrong ;) There are such keyloggers in the wild...I had to "decipher"
the logs of a keylogger that was attacking some banks over here. The logs
had all the information, and all the banks in question used virtual
keyboards.
I had no chance to analyse the program...
Virtual keyboards are not the solution. A much "better" alternative is a
stealth program, which proxies the transactions.
Call it a second order trojan, sitting there, stealthy, doing nothing, and
when it sees some interesting transaction, just redirect it to another
account, for example. That would be much harder to detect.
The incident in question wasn't very hard to manage, because we had the
login to the dump site, and logs were deciphered.
That's one of the problems with keylogger attacks, what it captures must be
dumped somewhere.

fG!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

