Ein interessanter und garnicht mal so doofer Trick. Die AusfÃ¼hrung gefÃ¤llt sehr. :)
Es wird folgendes gezeigt:
- User goes to Google and performs a search.
- Man in the middle detects the action and proceeds to inject their own content.
- He then frames another search query to correctly position the content inside the follow mouse script.Â
- As the evil search query loads, he injects a meta refresh to reload the same page forcing Google Desktop to load. In the example video below I am launching hyperterm, but you could make it any program already installed on the victim machine that is indexed by Google Desktop.Â
- User inadvertantly clicks on evil Google Desktop query which actually runs the associated program.