Browser Find toolbar phishing attack

2012-02-25T00:00:00
ID SAINT:F599B5776D3E23D9C603AF92F7891EA9
Type saint
Reporter SAINT Corporation
Modified 2012-02-25T00:00:00

Description

Added: 02/25/2012

Background

This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box (Ctrl-F) and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a fabricated Find toolbar which captures the user's query. It also adds the query term to the list of passwords and highlights it.
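The interception described above can be checked for when reviewing a page's key handlers. The following is an added example, not code from SAINT's tool or from the original entry: it probes a handler with a synthetic Ctrl+F / Cmd+F keydown and reports whether the browser's own Find would be suppressed. All function names and sample handlers are hypothetical and constructed for illustration.

```javascript
// Added example. Function and sample names are hypothetical, not from SAINT's tool.

// Minimal stand-in for a keydown KeyboardEvent for the "f" key (no DOM needed).
function makeProbeEvent(mods = {}) {
  return {
    type: 'keydown', key: 'f', code: 'KeyF', keyCode: 70, which: 70,
    ctrlKey: Boolean(mods.ctrlKey), metaKey: Boolean(mods.metaKey),
    shiftKey: false, altKey: false, defaultPrevented: false,
    preventDefault() { this.defaultPrevented = true; },
    stopPropagation() {},
    stopImmediatePropagation() {},
  };
}

// Run the handler against a probe event and report whether it cancelled the
// default action, via preventDefault() or the legacy `return false` convention.
function cancelsDefault(handler, mods) {
  const ev = makeProbeEvent(mods);
  let ret;
  try {
    ret = handler.call(null, ev);
  } catch (err) {
    // Handler reached for a real DOM after inspecting the key; keep what we saw.
  }
  return ev.defaultPrevented || ret === false;
}

// 'find-shortcut': cancels Ctrl+F or Cmd+F but not a plain "f" (worth review).
// 'all-keys': cancels every keypress, Find included. 'none': leaves Find alone.
function classifyHandler(handler) {
  if (cancelsDefault(handler, {})) return 'all-keys';
  const hitsFind = cancelsDefault(handler, { ctrlKey: true }) ||
                   cancelsDefault(handler, { metaKey: true });
  return hitsFind ? 'find-shortcut' : 'none';
}

// Constructed sample handlers, written for this example only.
const samples = {
  customFind: (e) => {
    if ((e.ctrlKey || e.metaKey) && e.key.toLowerCase() === 'f') {
      e.preventDefault();
      document.getElementById('find-bar'); // throws under Node: no DOM
    }
  },
  legacyReturnFalse: (e) => !(e.ctrlKey && e.keyCode === 70),
  escapeOnly: (e) => { if (e.key === 'Escape') e.preventDefault(); },
};

function auditHandlers(handlers) {
  return Object.entries(handlers)
    .filter(([, fn]) => classifyHandler(fn) === 'find-shortcut')
    .map(([name]) => name);
}
```

A `find-shortcut` result is a prompt for review rather than proof of phishing, since legitimate web applications also replace Find with an in-page search. A handler that touches the DOM before cancelling the event will throw under the probe and be missed.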

Limitations

The exploit works in Internet Explorer, Firefox, and Google Chrome.

The target must be present in the license key but is unused.