Phishing & BotNets
Re: Re: In-session phishing Jan 18 2006 03:46AM
mike sharecube com

The attack you describe (popup after a few secs) is very easy to execute. A user responds on an email link and goes to a malicious web site. Instead of making a copy of a banking site, the malicious code will return a web page with some Javascript. The page opens up a new browser with the intended bank site. The other page resizes/ hides, then pops up the security alert.

This is one reason why Passmarks doesn't fully work well.

We ( avoids this problem using their security model, but this may not the forum for blatant self-indulgent adverts.


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus