A Trojan program that uses spoofing technology.
It is distributed by email disguised as an important message from Citibank.
The message contains a link that exploits the Frame Spoof vulnerability in Internet Explorer.
Full text of the message:
Welcome to Citibank Online!

Dear Citibank Member,

As part of our security measures, we regularly screen activity in the Citibank system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason:

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Citibank account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Case ID Number: PP-112-491-524

This is a third and final reminder to log in to Citibank as soon as possible. Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

In accordance with Citibank User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your Citibank account as soon as possible to help avoid this.

To review your account and some or all of the information that Citibank used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access.

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely,
Citibank Account Review Department
Citibank Email ID PP638

-----------------------------------------------------------------------------

Why is my account access limited?

Your account access has been limited for the following reason's:

Mar. 29, 2006: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive CitiCards account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

(Your case ID for this reason is PP-154-572-158.)
The Frame Spoof vulnerability (MS04-004) is present in versions 5.x and 6.x of Microsoft Internet Explorer. Microsoft has published a dedicated document that describes this vulnerability and gives recommendations for recognizing such spoofed links.
Once on the site, users enter their credentials, which are then sent to the attackers, who can thereby gain full access to managing the user's account.