RE: Defeating Citibank Virtual Keyboard protection using screenshot method
Granted, it's an interesting methodology, but until you can demonstrate
circumvention of the CitiBank keylogger without installing code on the
victim host, a threat is not indicated and cannot be taken seriously.
-----Original Message-----
From: Int3 [mailto:yashks@xxxxxxxxx]
Sent: Wednesday, May 09, 2007 11:14 AM
To: Jim Harrison
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Defeating Citibank Virtual Keyboard protection using
screenshot method
This is not malware, it will only help people to experiment and see the
result without writing one for themself.
Regards,
Yash K.S
On 5/9/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
(copied here without permission)
Step by Step Demo:
- Download POC from http://tracingbug.com/downloads/citihook.zip
<http://tracingbug.com/downloads/citihook.zip> and
unzip to some directory
- Launch citihook.exe, this will watch only
https://www.online.citibank.co.in/ URL
Effectively, "Let me install my malware on your machine to
demonstrate
how vulnerable it is."
P-p-p-p-p-p-leeeze (three anti-social points for that quote)!
The "problem" ceases to be a vulnerability at this point.
-----Original Message-----
From: yashks@xxxxxxxxx [mailto:yashks@xxxxxxxxx]
Sent: Monday, May 07, 2007 3:03 AM
To: bugtraq@xxxxxxxxxxxxxxxxx <mailto:bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Defeating Citibank Virtual Keyboard protection using
screenshot
method
Severity: Critical
Platforms Affected:
Microsoft Corporation: Windows 98 Any version
Microsoft Corporation: Windows Me Any version
Microsoft Corporation: Windows XP Any version
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0 Any version
Citi-Bank: Citi-Bank Virtual Keyboard Any version
Browsers:
Microsoft Internet Explorer Any version
Mozilla FireFox Any version
Any browser runs on Win32 platform ( With slight modification )
Original URL :
http://www.tracingbug.com/index.php/articles/view/23.html
Regards,
Yash K.S <yashks@xxxxxxxxx > | www.tracingbug.com
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.