Tabnapping Attack On The Increase

This is an interesting new attack; I saw a live demo of it a while back here: Tabnabbing: A New Type of Phishing Attack. All you need to do is let the page load, then browse to another tab for 5 seconds or more, and you'll see the favicon change to Gmail's and the page load a Gmail image.

And apparently the use of this attack is on the rise in the wild, according to Panda Labs. It's a pretty interesting phishing attack; although it can't change the URL in the address bar, I believe a lot of people rely on visual cues and may not notice that the URL doesn't match the page content.

The use of Tabnapping, the recently-identified phishing technique, is on the rise, says Panda Labs.

Tabnabbing exploits the tabbed browsing system in modern web browsers such as Firefox and Internet Explorer, making users believe they are viewing a familiar web page such as Gmail, Hotmail or Facebook. Cybercriminals can then steal logins and passwords when users enter them on these hoax pages.

According to Panda’s latest Quarterly Report on IT Threats, the technique is likely to be employed by more and more cybercriminals and users should close all tabs they are not actively using.

I think this could be quite effective, especially for the less technical crowd on Facebook and users of services like Hotmail and Gmail. It could even extend into targeted, localized attacks on online banking systems.

Apparently all browsers are susceptible to this, including Chrome, Firefox, Internet Explorer and Opera (on Windows XP anyway). More details in a PC Advisor article here.


Panda also revealed the number of Trojans being used on the web has surged, and they now account for just under 52 percent of all malware. The number of viruses on the web has also increased. Viruses account for 24 percent of all malware on the web.

The security firm said Taiwan had the highest number of infections, with just over 50 percent of all global malware infections happening in the country, while Russia and Turkey came close behind.

Panda also revealed attacks on social networks, fake antivirus software and poisoned links in search engines continued to be popular techniques used by cyber criminals.

Using the recent history disclosure bug in most browsers, sneaky attackers could actually scan a user's browser to confirm which sites the user has visited and then build the tabnapping site accordingly, reinforcing its effectiveness.

Perhaps this is something that can be addressed in Firefox, as the person who developed this technique, Aza Raskin, is the Creative Lead for Firefox.
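As an added example (not from the original post or from Aza Raskin's demo), here is a defender-side watch in JavaScript that flags the changes described above when a background tab makes them: a title or favicon swap and a newly injected password field, and, going one step beyond the post, the meta refresh redirect variant raised in the comments. The REASON strings, the simplified `{ tag, attrs }` view of an element and the `[tabnabbing-watch]` log prefix are my own assumptions.

```javascript
// Added example, not from the original post: a defender-side tabnabbing watch.
// The attack swaps a tab's title, favicon and body (e.g. into a fake login form)
// only after the tab loses focus, so changes of that kind made while hidden are flagged.
const REASON = {
  title: 'title changed while tab hidden', icon: 'favicon changed while tab hidden',
  password: 'password field added while tab hidden', refresh: 'meta refresh added while tab hidden',
};
// node is a simplified view of a DOM element: { tag, attrs }; hidden is true when
// the tab was in the background at the time of the change. Returns a reason or null.
function classifyMutation(node, hidden) {
  if (!hidden) return null; // foreground changes are ordinary page behaviour
  const tag = String(node.tag || '').toLowerCase();
  const attr = k => String((node.attrs || {})[k] || '').toLowerCase();
  if (tag === 'title') return REASON.title;
  if (tag === 'link' && attr('rel').split(/\s+/).includes('icon')) return REASON.icon;
  if (tag === 'input' && attr('type') === 'password') return REASON.password;
  if (tag === 'meta' && attr('http-equiv') === 'refresh') return REASON.refresh;
  return null;
}
// A disguise (title or favicon swap) plus credential bait (a new password field) or the
// meta-refresh redirect variant raised in the comments is the full tabnabbing pattern.
function assessTab(nodes, hidden) {
  const reasons = [...new Set(nodes.map(n => classifyMutation(n, hidden)).filter(Boolean))];
  const disguise = reasons.includes(REASON.title) || reasons.includes(REASON.icon);
  const bait = reasons.includes(REASON.password) || reasons.includes(REASON.refresh);
  return { reasons, likelyTabnabbing: disguise && bait };
}
// Browser wiring for a userscript or extension content script; a no-op under Node.
function installObserver(report = msg => console.warn(msg)) {
  if (typeof document === 'undefined' || typeof MutationObserver === 'undefined') return null;
  const view = el => ({ tag: el.tagName, attrs: Object.fromEntries([...el.attributes].map(a => [a.name, a.value])) });
  const observer = new MutationObserver(records => {
    const changed = [];
    for (const r of records) {
      const el = r.target.nodeType === 1 ? r.target : r.target.parentElement;
      if (el && el.tagName === 'TITLE') changed.push({ tag: 'TITLE' }); // document.title = ...
      if (r.type === 'attributes') changed.push(view(r.target));
      for (const n of r.addedNodes) if (n.nodeType === 1) {
        changed.push(view(n)); // also look inside an injected container (e.g. a swapped <body>)
        for (const d of n.querySelectorAll('title,link,input,meta')) changed.push(view(d));
      }
    }
    const verdict = assessTab(changed, document.hidden || !document.hasFocus());
    if (verdict.reasons.length) report(`[tabnabbing-watch] ${location.href}: ${verdict.reasons.join('; ')}` + (verdict.likelyTabnabbing ? ' -> LIKELY TABNABBING' : ''));
  });
  observer.observe(document.documentElement, { childList: true, subtree: true, attributes: true, characterData: true });
  return observer;
}
installObserver();
```

Loaded as a userscript it logs a warning the moment a background tab rewrites its title or favicon; a legitimate site that updates its title while hidden (an unread-mail counter, say) will also be reported, which is why only the combination with a new password field or a meta refresh is marked as likely tabnabbing.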

Source: Network World


3 Responses to Tabnapping Attack On The Increase

  1. asjodf July 7, 2010 at 1:13 am #

    and what about opera?

    PS.

    WYKOP, DAMN IT!

  2. Deborah S July 7, 2010 at 10:35 am #

    Just don’t have any accounts at these horrendously popular websites, or if you do, don’t develop the habit of leaving them open all the time, and always log off before you close them. So if you see a page on a tab asking you to log back in, you’ll know it’s bogus. Personally, I just don’t open accounts at such places, but that’s mainly because I don’t have any use for them. And for my bank and Paypal, I always open a new window and log off and close it when I’m done. So if another tab mysteriously popped up asking me to log back in, again I’d know it was bogus. But I had these habits long before I ever heard of tabnapping, so I can’t say I developed them just to deal with this new problem. It’s never been a good idea to stay logged in at a website that has your personal and financial information. There’s a ton of ways bad people can take advantage of that.

  3. Eitan Adler July 8, 2010 at 10:39 pm #

    NoScript solves this problem in a remarkably simple way. Obviously blocking JavaScript stops the original version of the attack by Aza Raskin. However, it does not stop my version of the attack which uses meta refresh.

    NoScript now no longer lets untrusted unfocused pages change the page location.