Otro PoC en shortcuts de Win32Have you installed the new Google chrome? Make sure you’re careful with your application shortcuts because I just thought of a very easy way to Phish basic users.
1. Wrap the Chrome browser installation in your own InstallShield.
2. Create a Phising Mirror of Gmail or what ever site you want to Phish.
3. Add Desktop Shortcuts to the InstallShield which link to.
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --app=http://login.live..yourfakehotmailwebsite.com
4. Build your InstallShield.
5. Stick a graphic on your website that says “Get Google Chrome Now” and link to your InstallShield build.
When the user install Google chrome from your link they'll get the browser but they will also find some helpful desktop links to their Hotmail/Gmail/Ebay account.
As the Apps mode in Chrome loads in full screen with NO URL BAR (What were they thinking?). The user will happily click on the desktop links thinking it's just a handy shortcut that their friends at Google installed, not knowing it's really a link to our phishing mirror of Gmail.
fuente
:http://www.thewayithink.co.uk/post/Security-Vulnerability-with-Google-Chrome.aspx
Mostrar Mensajes
