Link to home
Create AccountLog in
Avatar of R-Byter
R-ByterFlag for Serbia

asked on

Tabnabbing - how it spreads

Hi fellow experts,

Im trying to solve the puzzle. I was asked to help my friend with his web server compromised with javascript code injected in some asp and php web pages. What I discovered so far is that is Tabnabbing "attack", a relativelly new form of phishing attack. Looks pretty scary. Detailed info here:

http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

What is the security hole thats causing this and how this spreads, I mean I understand what it does, but how was that code injected in asp or php files in the first place?

Thanks in advance.

Regards
Avatar of h4x0r_007
h4x0r_007

Your browser automatically runs and executes the code. And by the way, the link that you provided is actually infected: AVG blocked it and warned me that the website was trying to tabnab me. So to block this exploit, you probably need good security software. See screenshot:

Tabnabber.jpg
Avatar of R-Byter

ASKER

Thats what it should do, You're right. But Aza Raskin is currently Creative Lead for Firefox. So he just explained and showed live demo about tabnabbing phishing attack. WHat is left unknown is how that code was injected in asp or php pages at web server (code that executes this kind of phishing attack)?

Regards
ASKER CERTIFIED SOLUTION
Avatar of Johndo58
Johndo58
Flag of Spain image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of R-Byter

ASKER

Excellent effort, You just need to point a source where You get this text:

http://db.tidbits.com/article/11314

Anyway, can conficker worm be responsible for injecting this tbanabbing code into legitimate pages on web server?

Regards
Sorry thought I had :-)
Avatar of R-Byter

ASKER

Will award You the points if no one  give any more thoughts in a day.

Regards