RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

From: Debasis Mohanty (mail_at_hackingspirits.com)
Date: 08/06/05

    To: "'root'" <lyal.collins@key2it.com.au>, "'Peter Ferrie'" <pferrie@symantec.com>
    Date: Sat, 6 Aug 2005 04:05:30 +0530
    
    

    Sweet and Simple - This is how this program works.

    A brief on the algorithm is given below -

    Step1: Enumerate all the IE windows and look for the one with CitiBank Login
    screen (This step is invoked when an IE is opened and a particular URL is
    requested)

    Step2: If found then Create a HTML object

    Step3: Set the objEliment to 46 (For Credit Card No) and 61 (for IPIN) [These
    numbers are specific to CitiIndia Login page] Note: However, this can be
    modified to work universally for Citi-UK and others

    Step4: Retrieve value from those elements

    End

    That's all about the program logic. This runs very fast and hardly eats
    memory ;)

    Will possibly update the source code sometime ... Keep watching !!

    - DM -

    -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk
    [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of root
    Sent: Saturday, August 06, 2005 5:57 PM
    To: Peter Ferrie
    Cc: full-disclosure@lists.grok.org.uk
    Subject: Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard
    Protection

    Peter Ferrie wrote:

    >
    >
    >
    >
    >>>Recently I discovered a method to defeat the much hyped Citi-Bank
    >>>Virtual Keyboard Protection which the bank claimed that it defends
    >>>the customers against malicious programs like keyloggers, Trojans and
    >>>spywares etc.
    >>>
    >>>
    >>Wouldn't that be trivial to snoop on simply by making a trojan /
    >>spyware application that records a section of screen in the immediate
    >>proximity of mouse cursor on every mouse click? It's not that resource
    >>consuming, and easy to arrange.
    >>
    >>
    >
    >Something similar was done by variants of the W32/Dumaru family last year.
    >That was an attack against the e-Gold keypad.
    >You can read about it here: http://pferrie.tripod.com/vb/dumaru.pdf
    >
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    >Hosted and sponsored by Secunia - http://secunia.com/
    >
    >
    >
    >
    This has already been done in 1997 in 'proof of concept' form to do the screen
    capture process, when 2 Australian banks launched on-screen keypads.
    I understand the demo took an image of around 10 pixels +- the mouse click
    position.

    Nothing terribly new, concept-wise.

    Lyal

