WebApp Sec mailing list archives
viral phishing
From: "dpw" <dainw () fsr com>
Date: Fri, 5 May 2006 15:48:59 -0700
I just read this in the Haval Daar security newsletter: American Express has issued a warning about what it calls a false security measures pop-up screen that appears when users log in to its secure site. The credit card and travel services company posted an alert on its website about the pop-up which tries to lure the user into entering name, social security number, mother's maiden name and date of birth. The company has further stated that the pop-up is the not result of a compromise of its website. Rather, it appears to be caused by a virus residing on the user's machine. Researchers tracking malicious Internet activity say the fake pop-up is a classic example of a banking Trojan targeting specific financial institutions. Such Trojans are usually spammed as attachments or URLs to malicious Web sites and stealthily infect unpatched computers running without anti-virus protection. related: http://www.eweek.com/article2/0,1895,1955288,00.asp http://www10.americanexpress.com/sif/cda/page/0,1641,24381,00.asp I haven't heard of this before - pretty clever. Dain White Senior Developer / Webmaster First Step Internet - www.fsr.com 208-882-8869 ext. 440 ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
Current thread:
- viral phishing dpw (May 05)