Sweet and Simple - This is how this program works. A brief on the algo~m is given below -
Step1: Enumerate all the IE windows and look for the one with CitiBank Login screen (This step is invoked when an IE is opened and a partucular URL is requested) Step2: If found then Create a HTML object Step3: Set the objEliment to 46 (For Credit Card No) and 61 (for IPIN) [Thes numbers are specific to CitiIndia Login page] Note: However, this can be modifed to work universally for Citi-UK and others Step: Retrieve value from those elements End That's all about the program logic. This runs very fast and hardly eats memory ;) Will possible update the source code sometime ... Keep watching !! - DM - -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of root Sent: Saturday, August 06, 2005 5:57 PM To: Peter Ferrie Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection Peter Ferrie wrote: > > > > >>>Recently I discovered a method to defeat the much hyped Citi-Bank >>>Virtual Keyboard Protection which the bank claimed that it defends >>>the customers against malicious programs like keyloggers, Trojans and >>>spywares etc. >>> >>> >>Wouldn't that be trivial to snoop on simply by making a trojan / >>spyware application that records a section of screen in the immediate >>proximity of mouse cursor on every mouse click? It's not that resource >>consuming, and easy to arrange. >> >> > >Something similar was done by variants of the W32/Dumaru family last year. >That was an attack against the e-Gold keypad. >You can read about it here: http://pferrie.tripod.com/vb/dumaru.pdf > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > > > > This has already done in 1997 in 'proof of concept' form to do the screen capture process, when 2 Australian banks launched on-screen keypads. I understand the demo took an image of around 10 pixel +- th mouse click position. Nothing terribly new, concept-wise. Lyal _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/