>> Recently I discovered a method to defeat the much hyped Citi-Bank
>> Virtual Keyboard Protection which the bank claimed that it defends the
>> customers against malicious programs like keyloggers, Trojans and
>> spywares etc.
>
>Wouldn't that be trivial to snoop on simply by making a trojan / spyware
>application that records a section of screen in the immediate proximity of
>mouse cursor on every mouse click? It's not that resource consuming, and
>easy to arrange.
Something similar was done by variants of the W32/Dumaru family last year.
That was an attack against the e-Gold keypad.
You can read about it here: http://pferrie.tripod.com/vb/dumaru.pdf
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
