For the original Full Screen Counterfeiting Demo, please go here.
This is a FAKE!
This is not a real 'Blue Screen of Death'.
FAKE Logging out...
You are NOT actually being logged out!
This FAKE logout takes 14 seconds (by design)...
FAKE LOGIN SCREEN!
It's only a picture, so you can't actually use it!
Try the demo fields below. Don't use a real username and password!!
At this point the attackers have a number of options. They can counterfeit Microsoft's
User Account Control behaviour. They can mimic anti-phishing solutions. (That won't work on my solution! :-) ) However,
for this demonstration we are going to counterfeit a 'blue screen of death'. Our counterfeit
will give the user the option of 'Hit return to continue', something that actual blue screens
never do. This idea was inspired by a phishing attack I stumbled upon one day. The phishing
attack was on Blizzard's World of Warcraft Armory website. The real site never asks for a
username and password. However, the phishing site did. Similarly, our counterfeit blue
screen will not force a reboot. Rather, it will ask the user to 'Hit Return'.
Please note the red text at the top stating that this is a counterfeit, i.e. fake.