JAR - Javascript Application Redirector - (updated 2007-07-29)
|
Protection against... |
Detection... |
Ease to install |
User usage
(green=easy) |
|
funds transfert |
simple phishing |
MITM phishing |
ISP pharming |
trojan keylogger |
advanced trojan |
before-fraud |
after-fraud |
|
|
|
|
|
|
|
By user |
N/A |
|
|
Goal : protecting user from phishing mirrored content
Installed by : business lines
This script should be copied in a ".js" file and called either in the main Web page, or in all pages.
It's a very simple script which aims at redirecting Web users in 2 cases:
when a phishing site is using a basic Man-in-the-Middle
when the malicious phisher did not take enough time to verify crawled web files
My opinion: it is very easy to insert this "JAR" code, into your Web pages, but this mechanism is also very easy to bypass!
var address="https://www.online-bank.com"; // Put here your real address location
var loc=document.location.href;
function location_ok(){
if (loc.substring(0,address.length)==address){
return true;
}
else return false;
}
function redirect(){
document.location.href=address;
}
if (!location_ok()) {
redirect();
}