A New type of Malware?

post #1 of 3
Thread Starter 
So I started thinking about this and sat down and started considering what would be the most effective way to steal someone's password without them knowing and without physically being at the computer. (I'm a white hat by trade so this is what I do.)

I started thinking about keyloggers and how much "bloat" you get in the midst of things. If I wanted bank info then 9 times out of 10 people are going to use a browser to look at it. This led me to an interesting idea.

Rather than capturing key presses, would it be possible to capture cookie, packet, and form data from the browser itself? I.e., I get the user to click some link which installs a "plug in", and that plug in captures the HTTP request being sent out, the form data from the website prior to submission, and the cookie and session ID from the machine.

Now that gives me several methods of attack. I can hijack the session, duplicate the post packet sent to the server, or simply go the hard way and duplicate the form sent to the server.

Now in the HTTP request there should be a host with port attached to figure out where I'm logging into as well.


Someone tell me the flaw in my thinking because I know there must be one.


And no, I'm not trying to figure out how to hack someone's machine, just trying to figure out new ways to defend against this.
Edited by Black Magix - 4/14/12 at 11:58pm
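On the defensive side of post #1's "plug in" idea: a browser extension has to declare what it can touch in its manifest.json. The sketch below is an added example, not code from anyone in this thread; it reports which of the three data sources named in the post (cookies, outgoing HTTP requests, form data) a Chrome/Firefox-style manifest grants access to. The function names and sample manifests are constructed for illustration.

```python
# Match patterns that cover every site (WebExtensions match-pattern syntax).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _scope(patterns):
    """'all sites' if any pattern is broad, 'listed sites' if some, else None."""
    if any(p in BROAD for p in patterns):
        return "all sites"
    return "listed sites" if patterns else None

def audit_manifest(manifest):
    """Map each data source from the post to the scope this extension can reach."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
    hosts = [p for p in perms + manifest.get("host_permissions", [])
             if p == "<all_urls>" or "://" in p]
    # Content scripts run inside matching pages and can read the DOM, form fields included.
    scripts = [m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", [])]
    reach = {
        "cookies": _scope(hosts) if "cookies" in perms else None,
        "http_requests": _scope(hosts) if "webRequest" in perms else None,
        "form_data": _scope(scripts),
    }
    return {source: scope for source, scope in reach.items() if scope}

# Constructed sample manifests (not taken from real extensions).
SAMPLES = {
    "notes": {"manifest_version": 3, "permissions": ["storage"]},
    "coupon-helper": {"manifest_version": 2,
                      "permissions": ["cookies", "webRequest", "<all_urls>"],
                      "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]},
    "bank-tool": {"manifest_version": 3, "permissions": ["cookies"],
                  "host_permissions": ["https://bank.example/*"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, audit_manifest(manifest) or "none of the three sources")
```

An extension that reports all three sources at "all sites" scope is the one to review first when auditing a profile's installed extensions.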
post #2 of 3
Well, that's kind of the *cough* new *cough* "man in the browser": you inject yourself into chrome.exe, firefox.exe, ie.exe and wait for barclays.com before modifying the page.

This is easily detected on some by things such as NoScript, however; also, all that form data is encrypted, as everywhere does HTTPS. :rolleyes:

You can also get "intelligent" keyloggers that look at what form entry you're clicking just to get logins; most people suffer the sin of password reuse.

Zeus was the best at stealing bank details and it still is; the recent Mac one had the same potential. It's a good job the writers just wanted to play with Apple.
post #3 of 3
Quote:
Originally Posted by Ulquiorra

Well, that's kind of the *cough* new *cough* "man in the browser": you inject yourself into chrome.exe, firefox.exe, ie.exe and wait for barclays.com before modifying the page.
This is easily detected on some by things such as NoScript, however; also, all that form data is encrypted, as everywhere does HTTPS. :rolleyes:
You can also get "intelligent" keyloggers that look at what form entry you're clicking just to get logins; most people suffer the sin of password reuse.
Zeus was the best at stealing bank details and it still is; the recent Mac one had the same potential. It's a good job the writers just wanted to play with Apple.

This guy, like ... Drunk?