Comments (0)

By hayami.wai, May 18, 2007 11:52 pm

If you had activated your copy of XP (or at least you think you had) using your Credit Card details, chances are you had just been phished. Symantec has reported a new and very interesting trojan horse, that rather than doing the usual stuff a trojan horse does, is phishes the victim to provide his/her credit card details.

When infected, the standalone trojan will prompt you to activate your copy of Windows. You have only two choices here, to proceed with activation or to do it later. Choosing the latter will result in your computer shutting down. Naturally you will be forced to activate Windows. Next you are actually required to provide your Credit Card details, at the same time assuring you that you will not be charged (common sense should make you re-think of the credibility of the message).

Comments (0)

By hayami.wai, March 20, 2007 4:30 pm

Aviv Raff, an Isreal-based security researcher had discovered a design flaw in Microsoft’s Internet Explorer 7 which allows cross-site scripting using one of the IE’s local resource and opens users to phishing attacks. According to his blog, it can be exploited by creating a specially crafted navcancl.html local resource link with a script that will display a fake content of a trusted site. By open the link sent by the attacker, a “Navigation Cancelled” page will be displayed. By futher clicking the “Refresh the Page” link, the victime will be linked to a fake website, but with the address bar showing the legitimate address of the trusted site.

proof-of-concept