Submission + - Blackhole Man-in-the-Browser Attack Caught in the Act (lmgsecurity.com)
rye writes: Check out these screenshots and videos of a Blackhole phishing attack in action-- complete with charts of the network traffic, where you can see the infected desktop "phone home" to the attacker every 20 minutes on the dot. After 48 hours, the malware executed a man-in-the-browser attack against Bank of America's web site, which you can also see.
Great technical writeup from Sherri Davidoff of LMG Security. Watch hackers execute the man-in-the-browser attack and steal 'Linda's' debit card number, expiration date, security code, Social Security Number, date of birth, driver's license number, and mother's maiden name (yes, all at the same time). Lots of nice screenshots that are great to show your friends so they know how not to get pwned!
Quoting: "Unbeknownst to Mrs. Miller, her infected computer silently initiated a wire transfer from the company’s account for $49,500... Curious, I extracted copies of the phishing emails and malware from each infected workstation. What did it LOOK like when these companies were infected? What were their computers actually doing under the hood? Most of all, I wanted to actually SEE the Man-In-the-Browser attack in action!"
Great technical writeup from Sherri Davidoff of LMG Security. Watch hackers execute the man-in-the-browser attack and steal 'Linda's' debit card number, expiration date, security code, Social Security Number, date of birth, driver's license number, and mother's maiden name (yes, all at the same time). Lots of nice screenshots that are great to show your friends so they know how not to get pwned!
Quoting: "Unbeknownst to Mrs. Miller, her infected computer silently initiated a wire transfer from the company’s account for $49,500... Curious, I extracted copies of the phishing emails and malware from each infected workstation. What did it LOOK like when these companies were infected? What were their computers actually doing under the hood? Most of all, I wanted to actually SEE the Man-In-the-Browser attack in action!"