R-Byter

Tabnabbing - how it spreads

Hi fellow experts,

I'm trying to solve a puzzle. I was asked to help my friend with his web server, which was compromised with JavaScript code injected into some ASP and PHP web pages. What I have discovered so far is that it is a Tabnabbing "attack", a relatively new form of phishing attack. It looks pretty scary. Detailed info here:

http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

What is the security hole that's causing this, and how does this spread? I mean, I understand what it does, but how was that code injected into the ASP or PHP files in the first place?

Thanks in advance.

Regards
h4x0r_007

Your browser automatically runs and executes the code. And by the way, the link that you provided is actually infected: AVG blocked it and warned me that the website was trying to tabnab me. So to block this exploit, you probably need good security software. See screenshot:

Tabnabber.jpg
R-Byter

ASKER

That's what it should do, you're right. But Aza Raskin is currently Creative Lead for Firefox, so he just explained and showed a live demo of the tabnabbing phishing attack. What is left unknown is how that code (the code that executes this kind of phishing attack) was injected into the ASP or PHP pages on the web server.

Regards
ASKER CERTIFIED SOLUTION
Johndo58
This solution is only available to members.
R-Byter

ASKER

Excellent effort; you just need to point to the source where you got this text:

http://db.tidbits.com/article/11314

Anyway, can the Conficker worm be responsible for injecting this tabnabbing code into legitimate pages on a web server?

Regards
Sorry, thought I had :-)
R-Byter

ASKER

Will award you the points if no one gives any more thoughts in a day.

Regards