Saturday, June 5, 2010

Tabnabbing: A new phishing technique.

A new simple "phishing" attack called "tabnabbing" leaves many vulnerable.

This new phishing attack hijacks open browser tabs or windows while the visitor is on another site. Basically it works like this: you have several browser tabs open, as many people do when multitasking. When you switch to a website in another tab, the page you left detects that it has lost browser window focus. It then changes its content, including the title tag and favicon.

The tab that was previously titled, for example, "Great widgets" and showed the "Great widgets" favicon is now called "Gmail" or "PayPal", displays that website's favicon, and has replaced its content with a duplicate login page.

Many may click on the tab without ever looking at the address bar and inadvertently log in. The attacker now has your login information.

Different browsers are affected in different ways, with Firefox being the most vulnerable.
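
The change described above (title, favicon and content swapped while the tab is in the background) can be checked for from the defender's side. The following is an added example, not code from the original post: it snapshots a tab's identity when it is hidden and compares it when the tab is shown again. The function names, the `fakeDoc` stand-in and the two-signal threshold are assumptions made for illustration.

```javascript
// Record what identifies the tab to the user: title, favicon, and whether
// the page currently asks for a password.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  const pw = doc.querySelector('input[type="password"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    hasPasswordField: pw !== null,
  };
}

// List which identity signals differ between the snapshot taken when the
// tab was hidden and the one taken when it became visible again.
function changedSignals(before, after) {
  const signals = [];
  if (before.title !== after.title) signals.push('title');
  if (before.favicon !== after.favicon) signals.push('favicon');
  if (!before.hasPasswordField && after.hasPasswordField) signals.push('password-field');
  return signals;
}

// A title change alone is common (unread counters), so this sketch
// requires at least two signals before warning (assumed threshold).
function looksLikeTabnabbing(before, after) {
  return changedSignals(before, after).length >= 2;
}

// Constructed stand-in for a document, so the logic runs outside a browser.
function fakeDoc(title, favicon, hasPassword) {
  return {
    title,
    querySelector: (sel) =>
      sel.startsWith('link') ? (favicon ? { href: favicon } : null)
                             : (hasPassword ? {} : null),
  };
}

// Browser wiring, e.g. in a userscript; skipped where no DOM exists.
if (typeof document !== 'undefined') {
  let before = snapshot(document);
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) { before = snapshot(document); return; }
    if (looksLikeTabnabbing(before, snapshot(document))) {
      console.warn('Tab identity changed while hidden; check the address bar.');
    }
  });
}
```

A warning from this check is only a prompt to look at the address bar, which remains the reliable indicator of which site the tab is actually showing.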