More IE security holes offer opportunities for phishers
October 15, 2004
New security flaws have been discovered in Internet Explorer that give attackers new ways to adapt phishing scams into spoofs that mimic real financial web sites. One of the holes allows the URL of a trusted bank or financial institution to be displayed in Internet Explorer's address bar while the browser window shows content from an entirely different web page.
Another vulnerability could allow sophisticated attackers to create spoofed pages that display the golden "lock" icon indicating a secure SSL session, an icon often cited as a way to tell legitimate sites from scams.
The new spoofing techniques are described in Microsoft security update MS04-038, one of 10 patches released Tuesday to address security problems in Microsoft Windows, Excel and Internet Explorer.
One approach allows a plugin, such as an ActiveX control, to instruct the browser to display a false URL in the address bar. A phisher could build a spoofed page that resembles a financial institution's login page and include an ActiveX control that tricks the browser into displaying the URL of the target institution. A visitor with an unpatched browser arriving via an e-mail link would see a site that appears genuine, address bar included.
Users who have installed Windows XP Service Pack 2 are already protected, but other users of Internet Explorer 5.5 and 6 need to install the patch. A separate but similar address bar spoofing flaw affects only systems using double-byte character sets, usually found in Asian versions of Windows, and is also addressed in the MS04-038 update.
The SSL flaw, discovered by Mitja Kolsek of ACROS Security, exploits a weakness in the Internet Explorer cache, which stores copies of web pages on the computer's hard drive.
The exploit, described in an analysis by ACROS, requires a combination of advanced techniques to succeed, including a "man in the middle" position that redirects the user by spoofing DNS answers. While most phishing scams settle for less ambitious approaches, the SSL spoofing flaw could lend an air of legitimacy to scams mounted by sophisticated attackers.
Netcraft has developed a service to help banks and other financial organizations identify sites that may be preparing fraud, identity theft or phishing attacks by pretending to be the bank, or by implying a relationship with the bank where none exists.
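The kind of screen such a service runs can be illustrated with a small heuristic classifier. The following is an added example, not Netcraft's service or code and not derived from it: it assumes a hypothetical bank whose only real domains are examplebank.com and examplebank.co.uk, and checks candidate URLs for the common impersonation tricks (the brand name embedded in a longer hostname, the brand name placed in the URL's userinfo part so that the real host follows an "@", digit and symbol look-alikes, and typo-squats within a couple of characters of the brand). The URLs in the usage section are constructed for the example.

```python
"""Heuristic screen for URLs that impersonate a brand.

Added example, not any vendor's service. The brand, its legitimate
domains and the candidate URLs are hypothetical/constructed.
"""
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: the bank's real registrable domains (hypothetical).
LEGIT_DOMAINS = {"examplebank.com", "examplebank.co.uk"}
BRAND = "examplebank"

# Digits and symbols phishers substitute for letters (partial table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "@": "a", "$": "s", "|": "l"})

# Crude stand-in for the Public Suffix List; a real deployment should use it.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the registrable part of a hostname (e.g. 'a.b.examplebank.com' -> 'examplebank.com')."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def fold(s: str) -> str:
    """Strip accents, map look-alike digits/symbols to letters, keep only a-z."""
    s = unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", s.lower().translate(HOMOGLYPHS))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, reason); verdict is 'legit', 'suspect' or 'unrelated'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if not host:
        return ("unrelated", "no hostname")
    reg = registrable_domain(host)
    if reg in LEGIT_DOMAINS:
        return ("legit", reg)
    # http://examplebank.com@203.0.113.9/ : the part before '@' is userinfo, not the host.
    if parts.username and BRAND in fold(parts.username):
        return ("suspect", "brand name in URL userinfo, real host is " + host)
    # examplebank.com.login-verify.example, secure-examp1ebank.example, etc.
    if BRAND in fold(host):
        return ("suspect", "brand name embedded in hostname " + host)
    # Typo-squats and non-ASCII look-alikes: first label within 2 edits of the brand.
    first = fold(reg.split(".")[0])
    if first and edit_distance(first, BRAND) <= 2:
        return ("suspect", "near-miss of brand name: " + reg)
    return ("unrelated", reg)


if __name__ == "__main__":
    # Constructed sample URLs, not real phishing sites.
    for u in ("https://www.examplebank.com/login",
              "http://examplebank.com.login-verify.example/",
              "http://examplebank.com@203.0.113.9/",
              "http://secure-examp1ebank.example/",
              "http://exanplebank.com/",
              "https://example.org/"):
        print(u, "->", classify(u))
```

The registrable-domain step is the one that matters most: a hostname such as examplebank.com.login-verify.example is only caught because the check is made against the registrable domain rather than against the start of the string, which is exactly the part of a URL the address bar spoof above hides from the user.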