[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200508052034228.SM00948@JEFFMILLS>
Date: Sat Aug 6 01:34:35 2005
From: fractalg at highspeedweb.net (fractalg@...hspeedweb.net)
Subject: Defeating Citi-Bank Virtual Keyboard Protection
Hi,
>As per my knowledge, there are no such keyloggers or spywares which uses
any technique to defeat virtual keyboards.
>However, the technique that I am going to discuss here can be used by
malicious program writers to write next generation >viruses / worms to
defeat such virtual keyboard protections.
>Hence, I hope people who are using Virtual Keybords shouldn't stay very
over-confident.
Very wrong ;) There are such keyloggers in the wild...I had to "decipher"
the logs of a keylogger that was attacking some banks over here. The logs
had all the information, and all the banks in question used virtual
keyboards.
I had no chance to analyse the program...
Virtual keyboards are not the solution. A much "better" alternative is a
stealth program, who proxies the transactions.
Call it a second order trojan, sitting there, stealthy, doing nothing, and
when it seems some interesting transcation, just redirect it to another
account, for example. That would be much harder to detect.
The incident in question wasn't very hard to manage, because we had the
login to the dump site, and logs were deciphered.
That's one of the problems with keyloggers attack, what it captures must be
dumped somewhere.
fG!
Powered by blists - more mailing lists