Granted, it's an interesting methodology, but until you can demonstrate circumvention of the CitiBank keylogger without installing code on the victim host, a threat is not indicated and cannot be taken seriously. -----Original Message----- From: Int3 [mailto:yashks@xxxxxxxxx] Sent: Wednesday, May 09, 2007 11:14 AM To: Jim Harrison Cc: bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: Defeating Citibank Virtual Keyboard protection using screenshot method This is not malware, it will only help people to experiment and see the result without writing one for themself. Regards, Yash K.S On 5/9/07, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: (copied here without permission) Step by Step Demo: - Download POC from http://tracingbug.com/downloads/citihook.zip <http://tracingbug.com/downloads/citihook.zip> and unzip to some directory - Launch citihook.exe, this will watch only https://www.online.citibank.co.in/ URL Effectively, "Let me install my malware on your machine to demonstrate how vulnerable it is." P-p-p-p-p-p-leeeze (three anti-social points for that quote)! The "problem" ceases to be a vulnerability at this point. -----Original Message----- From: yashks@xxxxxxxxx [mailto:yashks@xxxxxxxxx] Sent: Monday, May 07, 2007 3:03 AM To: bugtraq@xxxxxxxxxxxxxxxxx <mailto:bugtraq@xxxxxxxxxxxxxxxxx> Subject: Defeating Citibank Virtual Keyboard protection using screenshot method Severity: Critical Platforms Affected: Microsoft Corporation: Windows 98 Any version Microsoft Corporation: Windows Me Any version Microsoft Corporation: Windows XP Any version Microsoft Corporation: Windows 2000 Any version Microsoft Corporation: Windows 2003 Any version Microsoft Corporation: Windows NT 4.0 Any version Citi-Bank: Citi-Bank Virtual Keyboard Any version Browsers: Microsoft Internet Explorer Any version Mozilla FireFox Any version Any browser runs on Win32 platform ( With slight modification ) Original URL : http://www.tracingbug.com/index.php/articles/view/23.html Regards, Yash K.S <yashks@xxxxxxxxx > | www.tracingbug.com All mail to and from this domain is GFI-scanned. All mail to and from this domain is GFI-scanned.
