Re: Defeating Citibank Virtual Keyboard protection using screenshot method

To: Securityfocus <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Defeating Citibank Virtual Keyboard protection using screenshot method
From: Reversemode <advisories@xxxxxxxxxxxxxxx>
Date: Wed, 09 May 2007 19:53:02 +0200
Cc: yashks@xxxxxxxxx
In-reply-to: <20070507100243.16064.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070507100243.16064.qmail@xxxxxxxxxxxxxxxxx>
Sender: Reversemode <advisories@xxxxxxxxxxxxxxx>
User-agent: Thunderbird 1.5.0.10 (Windows/20070221)

Hi Yash,

> Severity: Critical
> Platforms Affected:
>
> Microsoft Corporation: Windows 98 Any version
> Microsoft Corporation: Windows Me Any version
> Microsoft Corporation: Windows XP Any version
> Microsoft Corporation: Windows 2000 Any version
[CUT]
...

You are talking about a documented feature, neither a flaw nor a
vulnerability. How can be an API rated?

>Vendor Response:

>No Response from Vendor yet

I cannot imagine Windows with  BitBlt disabled...  :)

This is a known method widely used  in banking trojans since a long time
ago.

Anyway, thanks for sharing your research.

cheers,
- Rubén.

References:
- Defeating Citibank Virtual Keyboard protection using screenshot method
  - From: yashks

Prev by Date: Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation
Next by Date: Re: Defeating Citibank Virtual Keyboard protection using screenshot method
Previous by thread: Defeating Citibank Virtual Keyboard protection using screenshot method
Next by thread: Re: Defeating Citibank Virtual Keyboard protection using screenshot method
Index(es):
- Date
- Thread