Phishing & BotNets
Virtual Keyboards Oct 19 2006 02:23AM
Lance James (phishing securescience net) (1 replies)
Re: Virtual Keyboards Oct 19 2006 08:38AM
Thorsten Holz (thorsten holz gmail com) (1 replies)
Re: Virtual Keyboards Oct 20 2006 02:16AM
Lance James (phishing securescience net)
Thorsten Holz wrote:
> On 10/19/06, Lance James <phishing (at) securescience (dot) net [email concealed]> wrote:
>> Some interesting stuff has been popping up with Virtual Keyboards as an
>> idea to protect against phishing malware that does key-logging:
>>
>> Our research in the area of malware has led us to the conclusion that
>> almost all virtual keyboard implementations have been a waste of time
>> since 2003.
>
> A more technical paper:
> http://www.hispasec.com/laboratorio/New_technique_against_virtual_keyboa
rds.pdf
>
>
> And a movie illustrates the whole process:
> http://blog.hispasec.com/virustotal/9
>
> Nothing really new, but a nice implementation...

point being, ever since 2003, virtual keyboards have been effective due
to formgrabbing malware (the majority preference for phishing trojans).

-Lance
>
> Cheers,
> Thorsten
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus