In-session phishing, Jan 08 2006 12:53AM, Matt Richard (matt richard gmail com) (1 replies)
Re: In-session phishing, Jan 08 2006 10:14AM, Rafael San Miguel Carrasco (smcsoc yahoo es) (1 replies)
Have you considered the fact that the pop-up may be triggered as a result of
a second-order injection attack?
Malicious JavaScript code would have been injected by the attacker in
his or her own session, then triggered when other users log in.
I remember something similar (not in e-banking though) happening a few
months ago.
Greetings,
Rafael San Miguel Carrasco
Matt Richard wrote:
>I recently heard rumors of several financial institutions impacted by
>"in-session phishing". The description of the attack was that the
>user would log in to their internet banking site and shortly after a
>pop-up would appear with a "Security Confirmation" page requesting
>personal information to allow continued use of the internet banking
>site.
>
>From the information I have been able to gather, it appears that the pop-up
>is triggered by local malware on the end user's PC. What makes this
>interesting is that the attack may have been targeted at a specific
>internet banking vendor that services small financial institutions. I
>am under the impression that the site hosting the "Security
>Confirmation" page has been taken down and unfortunately I don't have
>any other details.
>
>My questions to the list are:
>
>1) Other than some older malware (Bugbear.B) and general-purpose
>keyloggers, is anyone aware of malware used for similar "in-session"
>phishing?
>
>2) Has anyone heard or seen this specific method in use?
>
>--
>Matt Richard
>http://www.mullingsecurity.com
>
>
>
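The second-order path Rafael describes, shown in Python as an added illustration (not code from this thread or from any banking product): one session stores an attacker-controlled value in a field shown to everyone, and every later login renders it. The shared notice list, the render function and the marker string are constructed assumptions; the hardened variant applies HTML output encoding at render time, and the audit scans stored values for active content so a defender can find injected entries already in the database.

```python
import html
import re

# Coarse heuristic for active HTML content in stored text; an audit aid for
# already-persisted data, not a substitute for output encoding.
ACTIVE_CONTENT = re.compile(r"<\s*script|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def render_post_login(username, notices, escape_output):
    """Build the post-login page shown to every user (constructed layout).

    notices: strings submitted by users in earlier sessions and shown to all.
    escape_output=False reproduces the defect: stored values are interpolated
    verbatim, so script stored by one session runs in every later login.
    escape_output=True is the hardened form: every untrusted value is
    HTML-escaped at the point it is written into the page.
    """
    if escape_output:
        username = html.escape(username, quote=True)
        notices = [html.escape(n, quote=True) for n in notices]
    items = "".join(f"<li>{n}</li>" for n in notices)
    return f"<h1>Welcome back, {username}</h1><ul>{items}</ul>"


def audit_stored_values(notices):
    """Return indexes of stored notices that look like injected active content."""
    return [i for i, n in enumerate(notices) if ACTIVE_CONTENT.search(n)]


def demo():
    # Session 1 (attacker) stores a value in the shared field; the marker is a
    # constructed placeholder, not a working payload.
    notices = ["Branch hours updated", "<script>/* constructed marker */</script>"]
    # Session 2 (another user) logs in and the stored value is rendered.
    vulnerable = render_post_login("victim", notices, escape_output=False)
    hardened = render_post_login("victim", notices, escape_output=True)
    return {
        "script_tag_in_vulnerable_page": "<script>" in vulnerable,
        "script_tag_in_hardened_page": "<script>" in hardened,
        "flagged_notice_indexes": audit_stored_values(notices),
    }


if __name__ == "__main__":
    print(demo())
```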