<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2">
</HEAD>
<BODY>
On Thu, 2011-10-13 at 20:41 -0400, David Tomaschik wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
On 10/13/2011 06:23 PM, Pat Regan wrote:
> On Thu, 13 Oct 2011 17:16:50 -0400
> David Tomaschik <<A HREF="mailto:david@systemoverlord.com">david@systemoverlord.com</A>> wrote:
>
>> On Thu, Oct 13, 2011 at 3:58 PM, Pat Regan <<A HREF="mailto:thehead@patshead.com">thehead@patshead.com</A>>
>> wrote:
>>> If the malware in question here were using an exploit, why would it
>>> bother trying to get the user to click on it?
>>>
>>> Pat
>> You've never seen "AntiVirus 2009" (and I imagine there is 2010, 2011,
>> etc., but I stopped doing any Windows support in 2009). It's malware
>> that pretends to do an AV scan, finds a list of things, and tells you
>> it can remove them... for $39.99. You go to their website, put in
>> their credit card details, and you're toast. I'm not sure if they
>> actually charge you $39.99, just capture your CC info, or both. Never
>> tried it to find out.
>>
> I understand the concept. What I'm saying is that any malware that
> has to trick someone into installing it is almost certainly not making
> use of any exploits. If it were, it wouldn't need to attempt to
> socially engineer the user.
>
> Pat
>
It's not socially engineering anyone into installing it. It's socially
engineering you into pulling out your credit card and giving them your
details. Last I checked, malware can't reach into my pocket, take out
my wallet, and read my credit card. I hope. (USB RFID reader + "tap to
pay" ?)
</PRE>
</BLOCKQUOTE>
If a phone homing keylogger is installed you could be giving someone your credit card number.<BR>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
-- <BR>
<FONT SIZE="4">Jay Lozier</FONT><BR>
<FONT SIZE="4">jslozier@gmail.com</FONT>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>