Browser Find toolbar phishing attack

2012-02-25T00:00:00
ID SAINT:119A2EE57BD7BCE4238073835FA2118E
Type saint
Reporter SAINT Corporation
Modified 2012-02-25T00:00:00

Description

Added: 02/25/2012

Background

This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box (Ctrl-F) and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a fabricated Find toolbar that captures the user's query. It also adds the query term to the list of passwords and highlights it.
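For defenders reviewing a suspect page, the Ctrl-F interception described above leaves a recognizable pattern in the page's script. The following is an added example, not code from SAINT or from the tool: a static heuristic that flags inline scripts that listen for key events, test for Ctrl/Cmd+F and suppress the browser default. The sample page, the function names `scanScript` and `scanHtml`, and the helper names inside the sample are constructed for illustration.

```javascript
// Added example (not SAINT's code): heuristic scan for scripts that take over Ctrl-F.
// A script is flagged only when all four signals below appear in it.
const SIGNALS = {
  keyListener: /addEventListener\(\s*['"]key(?:down|press|up)['"]|\bonkey(?:down|press|up)\s*=/i,
  modifier: /\b(?:ctrlKey|metaKey)\b/,
  fKey: /\b(?:keyCode|which|charCode)\s*={2,3}\s*(?:70|102)\b|\bkey(?:\.toLowerCase\(\))?\s*={2,3}\s*['"]f['"]|\bcode\s*={2,3}\s*['"]KeyF['"]/i,
  suppress: /\bpreventDefault\s*\(|\breturn\s+false\b/,
};

// Check one script body against every signal.
function scanScript(source) {
  const hits = {};
  for (const [name, re] of Object.entries(SIGNALS)) hits[name] = re.test(source);
  return { suspicious: Object.values(hits).every(Boolean), hits };
}

// Pull inline <script> bodies out of an HTML document and scan each one.
function scanHtml(html) {
  const scripts = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)];
  return scripts.map((m, index) => ({ index, ...scanScript(m[1]) }));
}

// Constructed sample: script 0 only handles Escape, script 1 overrides Ctrl/Cmd+F.
const SAMPLE_PAGE = `
<html><body>
<script>
document.addEventListener('keydown', function (e) {
  if (e.key === 'Escape') { closeDialog(); }
});
</script>
<script>
document.addEventListener('keydown', function (e) {
  if ((e.ctrlKey || e.metaKey) && e.keyCode === 70) {
    e.preventDefault();
    showCustomSearchBox();
  }
});
</script>
</body></html>`;

for (const r of scanHtml(SAMPLE_PAGE)) {
  console.log(`script #${r.index}: ${r.suspicious ? "REVIEW: overrides Ctrl-F" : "ok"}`);
}
```

Web applications with their own in-page search also override Ctrl-F, so a hit is a reason to inspect what the replacement input does with the query, not a verdict. Scripts loaded through `src` attributes are not fetched by this sketch and would need to be scanned separately.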

Limitations

Exploit works in Internet Explorer, Firefox, and Google Chrome.

The target must be present in the license key but is unused.