For the original Full Screen Counterfeiting Demo, please go here.
At this point the attackers have a number of options. They can counterfeit Microsoft's
User Account Control behaviour. They can mimic anti-phishing solutions. (That won't work on my solution! :-) ) However,
for this demonstration we are going to counterfeit a 'blue screen of death'. Our counterfeit
will give the user the option of 'Hit return to continue', something that actual blue screens
never do. This idea was inspired by a phishing attack I stumbled upon one day. The phishing
attack was on Blizzard's World of Warcraft Armory website. The real site never asks for a
username and password. However, the phishing site did. Similarly, our counterfeit blue
screen will not force a reboot. Rather, it will ask the user to 'Hit Return'.
Please note the red text at the top stating that this is a counterfeit, i.e. fake.