Phishing & BotNets
In-session phishing Jan 08 2006 12:53AM
Matt Richard (matt richard gmail com) (1 replies)
Re: In-session phishing Jan 08 2006 10:14AM
Rafael San Miguel Carrasco (smcsoc yahoo es) (1 replies)
Re: In-session phishing Jan 08 2006 01:09PM
Matt Richard (matt richard gmail com) (1 replies)
On 1/8/06, Rafael San Miguel Carrasco <smcsoc (at) yahoo (dot) es [email concealed]> wrote:
>
> Have you considered the fact that the pop-up may be triggered as a result of
> a second-order injection attack?

The second-hand description of the attack seems to strongly hint
towards local malicious code, but this idea seems plausible. One of
the remediation steps that allegedly eliminated the attack was a full
virus scan with the latest definitions as of 1/3/06. Of course, this
is the problem with second-hand information: without knowing what the
AV actually detected, it could have been anything. For all we know, the
AV may have detected the specific phishing HTML page, as so many of
them now do.

> Malicious JavaScript code would have been injected by the attacker in
> his or her own session, then triggered when other users log in.
> I remember something similar (not in e-banking, though) happening a few
> months ago.

I would agree that I'm not familiar with any instances related to
e-banking and in-session activity.

--
Matt Richard
http://www.mullingsecurity.com
