CardStealer.

Discussion in 'Computer Security' started by Plompetta, Jun 5, 2004.

  1. Plompetta

    Plompetta Guest

    I don't really understand what is being said below by Mcaffee about this
    virus. Are they saying that it is not a virus, but somehow McAfee detects
    the page is fake and alerts the user accordingly?



    JS/CardStealer

    This detection is for HTML pages which claim to be a legitimate billing page
    that the user must enter their credit card and other personal information
    into. For example the page may masquerade as an AOL or Paypal related page.

    When the user enters information into the page and submits it, the data is
    sent to the author of the trojan page (not AOL or PayPal etc). This is often
    achieved by using remote Formmail scripts to send form data to a specified
    email address.

    Before sending your credit card information over web, always check to
    confirm the address of the web page. Also confirm that the information will
    be encrypted by checking that the lock icon in the status bar is closed. If
    the lock icon is on the HTML page instead of the status bar, that can be
    faked; if it's not on the status bar, it's not secure.
     
    Plompetta, Jun 5, 2004
    #1
    1. Advertising

  2. In article <c9tfc8$qli$>,
    says...
    > I don't really understand what is being said below by Mcaffee about this
    > virus. Are they saying that it is not a virus, but somehow McAfee detects
    > the page is fake and alerts the user accordingly?
    >
    >
    >
    > JS/CardStealer
    >
    > This detection is for HTML pages which claim to be a legitimate billing page
    > that the user must enter their credit card and other personal information
    > into. For example the page may masquerade as an AOL or Paypal related page.
    >
    > When the user enters information into the page and submits it, the data is
    > sent to the author of the trojan page (not AOL or PayPal etc). This is often
    > achieved by using remote Formmail scripts to send form data to a specified
    > email address.
    >
    > Before sending your credit card information over web, always check to
    > confirm the address of the web page. Also confirm that the information will
    > be encrypted by checking that the lock icon in the status bar is closed. If
    > the lock icon is on the HTML page instead of the status bar, that can be
    > faked; if it's not on the status bar, it's not secure.
    >
    >
    >




    yes.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Jun 6, 2004
    #2
    1. Advertising

  3. Plompetta

    Plompetta Guest

    "Colonel Flagg" <> wrote in
    message news:...
    > In article <c9tfc8$qli$>,
    > says...
    > > I don't really understand what is being said below by Mcaffee about this
    > > virus. Are they saying that it is not a virus, but somehow McAfee

    detects
    > > the page is fake and alerts the user accordingly?
    > >
    > >
    > >
    > > JS/CardStealer
    > >
    > > This detection is for HTML pages which claim to be a legitimate billing

    page
    > > that the user must enter their credit card and other personal

    information
    > > into. For example the page may masquerade as an AOL or Paypal related

    page.
    > >
    > > When the user enters information into the page and submits it, the data

    is
    > > sent to the author of the trojan page (not AOL or PayPal etc). This is

    often
    > > achieved by using remote Formmail scripts to send form data to a

    specified
    > > email address.
    > >
    > > Before sending your credit card information over web, always check to
    > > confirm the address of the web page. Also confirm that the information

    will
    > > be encrypted by checking that the lock icon in the status bar is closed.

    If
    > > the lock icon is on the HTML page instead of the status bar, that can be
    > > faked; if it's not on the status bar, it's not secure.
    > >
    > >
    > >

    >
    >
    >
    > yes.
    >

    So what type of things does McAffee look for in the web page then? How can
    they distingush between phishing webpages, and ones that use JS/ActiveX,
    etc?
    >
    > --
    > Colonel Flagg
    > http://www.internetwarzone.org/
    >
    > Privacy at a click:
    > http://www.cotse.net
    >
    > Q: How many Bill Gates does it take to change a lightbulb?
    > A: None, he just defines Darkness? as the new industry standard..."
    >
    > "...I see stupid people."
     
    Plompetta, Jun 6, 2004
    #3
  4. Plompetta

    Jim Watt Guest

    On Sun, 6 Jun 2004 14:27:41 +0100, "Plompetta" <>
    wrote:

    > So what type of things does McAffee look for in the web page then? How can
    >they distingush between phishing webpages, and ones that use JS/ActiveX,
    >etc?


    why not ask them?
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 6, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page