Spyware grabs data *before* SSL encryption

  1. #1
    thehorse13

    Spyware grabs data *before* SSL encryption

    Yes, you heard me correctly.

    http://isc.sans.org/presentations/banking_malware.pdf

    Describes an attack on IE where a file named img1big.gif installs and runs an IE Browser Helper Object that steals information before SSL transmission and sends copies to http://www.refestltd.com/cgi-bin/yes.pl

    Visit the wrong website and IE is invisibly bugged. The thing that is scary is that the gif image is decompressed (UPX compression) and installed with a trojan dropper, then the data is sent using a very crude encryption algorithm. This is designed to beat filtering solutions designed to scan traffic for key words. If you do online banking, be sure to check this out.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Thanks for the heads up.
    Will Norton or McAfee stop it?

  3. #3
    thehorse13
    I'm not exactly sure at the moment. I can tell you that it is picked up as Small.AA by Kaspersky. This info was mentioned on the trojan horse mailing list earlier today.

  4. #4
    moxnix
    I sure wouldn't consider this just spyware any more. It's definitely malware, but it has to be illegal to use such a trojan also.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown
