Re: Defeating Citibank Virtual Keyboard protection using screenshot method
On 7 May 2007 yashks@xxxxxxxxx wrote:
> Severity: Critical
Erm, you do realize malware has been doing this for a long long time now,
right?
Virtual keyboards come as a solution for fighting one type of phishing and
one type alone. OCR or screenshots of mouse position on-click, for
example, are happening daily.
In most cases, it isn't really required to take screenshots:
http://blogs.securiteam.com/index.php/archives/678
Gadi.
>
> Platforms Affected:
>
> Microsoft Corporation: Windows 98 Any version
> Microsoft Corporation: Windows Me Any version
> Microsoft Corporation: Windows XP Any version
> Microsoft Corporation: Windows 2000 Any version
> Microsoft Corporation: Windows 2003 Any version
> Microsoft Corporation: Windows NT 4.0 Any version
> Citi-Bank: Citi-Bank Virtual Keyboard Any version
>
> Browsers:
> Microsoft Internet Explorer Any version
> Mozilla FireFox Any version
> Any browser runs on Win32 platform ( With slight modification )
>
> Original URL : http://www.tracingbug.com/index.php/articles/view/23.html
>
> Regards,
> Yash K.S <yashks@xxxxxxxxx > | www.tracingbug.com
>