<<< Date Index >>>     <<< Thread Index >>>

Re: Defeating Citibank Virtual Keyboard protection using screenshot method



Hi Yash,

> Severity: Critical
> Platforms Affected:
>
> Microsoft Corporation: Windows 98 Any version
> Microsoft Corporation: Windows Me Any version
> Microsoft Corporation: Windows XP Any version
> Microsoft Corporation: Windows 2000 Any version
[CUT]
...

You are talking about a documented feature, neither a flaw nor a
vulnerability. How can be an API rated?

>Vendor Response:

>No Response from Vendor yet

I cannot imagine Windows with  BitBlt disabled...  :)

This is a known method widely used  in banking trojans since a long time
ago.

Anyway, thanks for sharing your research.

cheers,
- Rubén.