Action = submit.jsp
08-Aug-08: 08:00: Window title: Welcome to Safe Bank net banking
Userid: 15236523 [tab] Password: Welcome123!
When you browsed to your net banking page and typed in your username and password to login into the online bank, there was a malicious program you were unaware of, named keylogger running in the background logging all the keystrokes into a config.dll file located in C:\WINDOWS\system32 folder. This file contains all the keystrokes typed in. It contains the window title and all those things typed into that window along with few other details. This file will then be uploaded to the attacker’s website which he can use to his benefit.
Round 1: Fight!
Fig 1. Virtual Keyboard (HDFC Net banking VKB)
Fig 2. Virtual Keyboard (Windows in-built)
Round 2: Fight!
Round 3: Fight!
Fig 3: Screen shots of password typed as captured by the malicious code.
Fig 4: p changes to # on a mouse click
Round 4: Fight!
Fig 5: p changes to # on a mouse click and then to r