[OT] Online Banking and Phishing
bevan at forthe.net
Wed Jun 30 04:27:42 CST 2004
Nasty, though you do not need to be a browser plugin to do this.
Simply by monitoring API calls you can intercept the data before it goes
to the cryptlib (or openssl) libraries. It's not that hard; I've got
some code somewhere that I knocked together a year or so ago that does
just that.... somewhere....
On Wed, 2004-06-30 at 12:35, Ian Loxton wrote:
> Seeing as there is considerable discussion going on about online
> banking I thought this recent post might be useful to the discussion.
> > From: codephish at lists.codephish.info
> > On Tue, 8 Jun 2004 21:40, I wrote:
> > > A more sophisticated approach is for the malicious party to
> > > install a proxy program or browser plug-in (as opposed to a
> > > keystroke logger)... If the malware is a browser plug-in or
> > > patch, it can even bypass SSL encryption (by inserting
> > > itself into the data stream before the SSL processing).
> > Lo and behold, what do I see on Slashdot today, but the
> > following.
> > "SANS Internet Storm Center is reporting on a new strain of IE
> > Malware. This one targets bank customers, which in itself is
> > nothing new. But the catch is in the way it does it: it installs
> > a Browser Help Object (BHO) that can capture login information
> > before it is encrypted, and 'watches for HTTPS (secure) access to
> > URLs of several dozen banking and financial sites in multiple
> > countries.'"
> > Slashdot reference:
> > http://slashdot.org/article.pl?sid=04/06/29/1913222
> > SANS reference:
> > http://isc.incidents.org/diary.php?date=2004-06-29
> > Do I win the "prophet of doom" award for this month?
> > Regards,
> > TFBW
> "If I create from the heart nearly everything works;
> if from the head, almost nothing."
> Marc Chagall, 20th century artist, a forerunner of surrealism.
Email: bevan at forthe.net
PGP/GPG public key available at http://www.keyserver.net/