Re: Defeating Citibank Virtual Keyboard protection using screenshot method

From: Reversemode <advisories@xxxxxxxxxxxxxxx>
Date: Wed, 09 May 2007 19:53:02 +0200

Hi Yash,

Severity: Critical
Platforms Affected:

Microsoft Corporation: Windows 98 Any version
Microsoft Corporation: Windows Me Any version
Microsoft Corporation: Windows XP Any version
Microsoft Corporation: Windows 2000 Any version

[CUT]
...

You are talking about a documented feature, neither a flaw nor a
vulnerability. How can be an API rated?

Vendor Response:

No Response from Vendor yet

I cannot imagine Windows with BitBlt disabled... :)

This is a known method widely used in banking trojans since a long time
ago.

Anyway, thanks for sharing your research.

cheers,
- Rubén.

References:
- Defeating Citibank Virtual Keyboard protection using screenshot method
  - From: yashks

Prev by Date: Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation
Next by Date: Re: Defeating Citibank Virtual Keyboard protection using screenshot method
Previous by thread: Defeating Citibank Virtual Keyboard protection using screenshot method
Next by thread: Re: Defeating Citibank Virtual Keyboard protection using screenshot method
Index(es):
- Date
- Thread

Relevant Pages

Re: One-way connection: networked XP/2000 PCs
... >>now running the standard Windows firewall on the XP machine. ... >>network. ... + Microsoft Office.lnk Microsoft Office 2000 component Microsoft Corporation ... + Component Categories cache daemon Shell Browser UI Library Microsoft ...
(microsoft.public.windowsxp.network_web)
RE: Help with IISDump file Cont
... CompanyName: Microsoft Corporation ... MicrosoftWindows 2000 Operating System ... FileDescription: Microsoft® WindowsTelephony API Client DLL ...
(microsoft.public.inetserver.iis)
Re: Add Printer Wizard and Spooler Subsystem
... Windows Printing Team ... AcGenral.DLL Windows Compatibility DLL Microsoft Corporation ... ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation ... VERSION.dll Version Checking and File Installation Libraries Microsoft ...
(microsoft.public.windowsxp.print_fax)
RE: Help with IISDump file
... CompanyName: Microsoft Corporation ... MicrosoftWindows 2000 Operating System ... FileDescription: ...
(microsoft.public.inetserver.iis)
Repost TECHIE HELP PLEASE - Very Long
... > + Explorer.exe Windows Explorer Microsoft Corporation ... > + SSC_UserPrompt Norton Security Center Helper Symantec Corporation ... which confirms the signatures of Windows files; ... > + Component Categories cache daemon Shell Browser UI Library Microsoft ...
(uk.people.silversurfers)