Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Microsoft's Edge browser again in the security spotlight

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

December 12, 2016

One more time, it appears that technical support scammers have new bait with the discovery that Microsoft's Edge browser can again be abused to display native and legitimate-looking warning messages to users.

Of course, this is confusing to the users, but that's exactly what the hackers want to continue their mischiefs.

The security flaws exist in Microsoft's Edge protocols 'ms-appx' and 'ms-appx-web' which the MS browser uses to present warning messages when phishing or malware delivery sites are located on the internet.

When 'Edge' detects suspected malicious sites, it colors them red with a feature called "SmartScreen."

Argentina security tester Manuel Caballero asserts that scammers can create various warnings that replace SmartScreen text and phone numbers indicating that a nominated site also displayed in the address bar is infected.

"On any given day, when we place in a telephone-like number, a link is automatically created so the user can call us with a single click. This is very convenient for these scammers," Caballero warned.

By altering URL characters and appending a hash and a URL of a legitimate-looking website, a technical support scam page can be forged that is much more convincing than the deluge of fake Android and blue screen of death pages common to torrent sites.

Caballero then found that some of the Edge assets could be loaded directly through the address bar, albeit with some errors such as ms-appx-web://microsoft.microsoftedge/assets/errorpages/PhishSiteEdge.htm, while others would fail and perform a Bing search on the URL instead.

Those so-called 'errors' could be avoided by simply changing a single character in the URL, and the displayed address would be changed to a legitimate site by appending a hash tag. A very simple and quick fix.

Source: Microsoft.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer