Phishing & BotNets
Re: Re: In-session phishing Jan 18 2006 03:46AM
mike sharecube com

The attack you describe (popup after a few secs) is very easy to execute. A user responds on an email link and goes to a malicious web site. Instead of making a copy of a banking site, the malicious code will return a web page with some Javascript. The page opens up a new browser with the intended bank site. The other page resizes/ hides, then pops up the security alert.

This is one reason why Passmarks doesn't fully work well.

We (Sharecube.com) avoids this problem using their security model, but this may not the forum for blatant self-indulgent adverts.

Mike

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus