<![CDATA[[SecurityRatty] tag: devious]]> http://securityratty.com/tag/devious Sat, 26 Apr 2008 20:40:38 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA['Ruthless' Trojan horse steals 500k bank, credit card log-ons]]> http://securityratty.com/article/4ef14ec78676e2f37925236b394ab836 http://securityratty.com/article/4ef14ec78676e2f37925236b394ab836 Add to digg Add to StumbleUpon Add to Twitter Add to Slashdot
]]> Fri, 31 Oct 2008 01:00:00 +0000 online bank accounts devious trojan horse log-ons credit cards rsa security cybercrime 'Ruthless' Trojan horse steals 500k bank, credit card log-ons <![CDATA[Phish Page Steals Your Details, Then Logs You In]]> http://securityratty.com/article/e0c481644319927eb1e7294a68a9efdb http://securityratty.com/article/e0c481644319927eb1e7294a68a9efdb
hablog6.jpg

...or like this:

hablog7.jpg


Generally, when net-savvy users get phished, they're alert enough to know that messages such as the ones above are a clue that they might have stumbled onto a Phishing page (assuming they're 100% sure they entered their details correctly, of course). This "break" in the login cycle has always been a weakness of a phish page, and the typical flow of events is as follows:

1. Visit Phish page
2. Enter details
3. User is told "your login cannot be processed at this time", and your information is stolen

What if the process could go like this:

1. Visit Phish page
2. Enter details
3. Phish page steals your information, but logs you into the target site

You'd miss that vital clue - the failed login - and assume everything was okay.

Well, a Phish for the popular Habbo Hotel caught my eye today because it does just that - seamlessly logging you into Habbo Hotel once your details have been stolen. Here is the Phish page in question:

hablog111.jpg
Click to Enlarge

Here I am, entering my login details into the page:

hablog2.jpg


At this point, a regular Phish page risks giving the game away because of the familiar variations on "Your login could not be processed" that appear at this point in the procedure.

However, the Phish page takes you to a page hosting an encoded base64 script:

hablog3.jpg


From there, the user is deposited onto the Habbo Hotel website, fully logged in - no "Your login could not be processed" messages here!

hablog41.jpg

Click to Enlarge

Meanwhile, my login has been stolen (it's the one in red) and placed in the ever growing pile collected by the Phisher:

hablog5.jpg
Click to Enlarge

From the point where I decided to login to Habbo Hotel, to the point where I'm actually logged into the site there is no break in the usual procedure and I have absolutely no indication I've just been phished. If this kind of devious tactic is employed for banking phishes, it'll make it all the more crucial that end-users start to think about running Anti-Phishing programs and browsers that have built-in Phish Detectors because the stakes seem to have raised once again.

]]> Fri, 22 Aug 2008 10:15:31 +0000 phish phish page steals phish page visit phish page page phish page takes details login details login Phish Page Steals Your Details, Then Logs You In <![CDATA[Genius Hacker Released from Prison; Lands Job with IT Firm]]> http://securityratty.com/article/2b0d3dcff6f8335297448ec57a642b7c http://securityratty.com/article/2b0d3dcff6f8335297448ec57a642b7c Sat, 26 Apr 2008 20:40:38 +0000 billion socit gnrale devious due whiz kerviel trader jan bank Genius Hacker Released from Prison; Lands Job with IT Firm