Login spoofing

Login spoofing is a technique used to obtain a user's password. The user is presented with an ordinary-looking login prompt for username and password, which is actually a malicious program under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.

To prevent this, some operating systems require a special key combination (called a secure attention key) to be entered before a login screen is presented, for example Control-Alt-Delete. Users should be instructed to report login prompts that appear without their having pressed this secure attention key. Only the kernel, which is the part of the operating system that interacts directly with the hardware, can detect whether the secure attention key has been pressed, so it cannot be intercepted by third-party programs.
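A configuration check for this protection, as an added example that is not part of the original article: it assumes a Linux host, where one route to the secure attention key is Alt-SysRq-K and the `kernel.sysrq` sysctl decides whether that key is honoured. The function names and the sample configuration are constructed for illustration, and a SAK bound through the keymap instead of SysRq is not covered.

```shell
#!/bin/sh
# Added example: does sysctl-style configuration permit the SysRq route
# to the secure attention key (Alt-SysRq-K) on Linux?

# sak_bit_state VALUE -> prints enabled | disabled | invalid
# kernel.sysrq: 0 = every SysRq function off, 1 = every function on,
# any other value is a bitmask in which 4 covers keyboard control (SAK).
sak_bit_state() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo invalid; return 0 ;;  # empty, non-decimal, leading zero
    esac
    if [ "$1" -eq 1 ] || [ $(( $1 & 4 )) -ne 0 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# effective_sysrq: reads sysctl.conf-style text on stdin and prints the value
# of the last kernel.sysrq assignment (later lines override earlier ones).
# Full-line comments (# or ;) are skipped. Prints nothing if the key is unset.
effective_sysrq() {
    sed -n -e '/^[[:space:]]*[#;]/d' \
        -e 's/^[[:space:]]*kernel[./]sysrq[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# audit_sak: stdin = config text; prints "<value> <state>" or "unset".
audit_sak() {
    value=$(effective_sysrq)
    if [ -z "$value" ]; then
        echo unset
    else
        echo "$value $(sak_bit_state "$value")"
    fi
}

# Constructed sample: the later assignment (176 = 128+32+16) drops bit 4,
# so Alt-SysRq-K would be ignored even though an earlier line enabled it.
audit_sak <<'EOF'
kernel.sysrq = 1
# kernel.sysrq = 0
kernel.sysrq = 176
EOF

# Live value on the running kernel, when readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    echo "running kernel: $(sak_bit_state "$(cat /proc/sys/kernel/sysrq)")"
fi
```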

Login spoofing can be considered a form of social engineering.

The malicious program is usually called a Trojan horse.

Similarity to Phishing

Whereas phishing usually involves a scam in which victims respond to unsolicited e-mails that are identical or similar in appearance to those of a familiar site with which they may have a prior affiliation, login spoofing is usually indicative of a much more heinous form of vandalism or attack, in that the attacker has already gained access to the victim's computer to at least some degree.