the limits of crypto and authentication
Mads Rasmussen
mads at opencs.com.br
Tue Jul 12 13:06:04 EDT 2005
In Brazil there are a lot of trojans similar to the one Steven mentioned,
almost all of them targeted at different national banks.
A while back they worked as "external pop-ups" as we named them. That is,
they appeared on top of the browser, appearing visually like when you are
asked for your credentials by the bank (although many times they ask for
all your data including ssn).
Nowadays they are more advanced; we have seen trojans lately that
close the browser and open a window just like IE and then navigate
the bank's site inside; when it comes to entering the credentials it
shows more fields to fill in than normal.
They often come with keyloggers too to rob your pin number as you enter it.
That made the banks use virtual keyboards, entering the PIN with the
mouse on screen, to avoid entering PIN numbers via the keyboard.
Then the bad guys started using mouse loggers that capture a tiny
square with every mouse click.
The captured data are sent via smtp, ftp or via an http post.
The latest trick is to encrypt the captured data with AES although the
key is fixed in the code ;-)
Steven M. Bellovin wrote:
>There's been a lot of discussion about how to strengthen cryptography
>and authentication, to get away from problems of phishing, pharming,
>etc. But such approaches can take you only so far, as this link
>indicates:
>
>http://www.lurhq.com/grams.html
>
>Briefly, it's a Trojan that waits for you to log in to E-Gold, checks
>your balance, and drains your account except for .004 grams of gold.
>
>
--
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com