Had a customer drop-off her notebook. Said IE was crashing a lot. My wife ran it for an hour or two w/o incident. I decided to give it a shot.
I ran for about an hour and didn't notice anything suspect. Was looking at eBay auctions and wanted to look up some auction history (which requires an SSL-encrypted signin). The images below show what came-up after I entered my user name and password.
I ran back to my machine to change my password on my eBay account as quickly as I could.
I have the hard drive out of the problem notebook now, scanning it w/ corporate Symantec, McAfee, etc.. Wonder what I'll find. AVG, BTW, is giving it a thumbs-up. And there is nothing funny in hosts.
What is very strange is how this was injected. It would seem as something is running in the stack injecting this garbage when you visit sites that ask for security information. Very well done.
I ran for about an hour and didn't notice anything suspect. Was looking at eBay auctions and wanted to look up some auction history (which requires an SSL-encrypted signin). The images below show what came-up after I entered my user name and password.
I ran back to my machine to change my password on my eBay account as quickly as I could.
I have the hard drive out of the problem notebook now, scanning it w/ corporate Symantec, McAfee, etc.. Wonder what I'll find. AVG, BTW, is giving it a thumbs-up. And there is nothing funny in hosts.
What is very strange is how this was injected. It would seem as something is running in the stack injecting this garbage when you visit sites that ask for security information. Very well done.
Comment