Advertisement
Promo

Security threats Toolkit

Massive IE phishing exploit discovered

Dan Ilet ZDNet.co.uk

Published: 17 Dec 2004 13:10 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A vulnerability researcher posted details of a dangerous Internet Explorer (IE) flaw on Thursday that allows phishers to spoof Web sites more realistically than ever before.

According to security company Secunia, Paul from Greyhats -- a research group -- has published details of a vulnerability that can be exploited to spoof the content of any Web site.

Using the exploit, scammers are able to manipulate all versions of IE, including Windows XP SP2 -- the latest and most secure version of the browser -- and spoof the URL and SSL signature padlock located at the bottom of the browser screen.

The vulnerability is caused by a cross-site scripting vulnerability in the DHTML Edit ActiveX control, but because the flaw is within the browser, it can be used against any Web site, Secunia said.

"That is huge," said Thomas Kristensen, chief technology officer for Secunia. "When you cross-site script a Web site, the user can’t see that anything unusual is happening. The URL looks like it's a legitimate site and if you go to the SSL padlock, it will show a certificate for the site even though it is controlled by malicious scripting."

"The malicious Web site can control what is seen in the address bar. People still don't realise the significant impact of cross-site scripting. This is the vulnerability that phishers and scammers have been looking for. You could also steal cookies from any Web site," Kristensen warned.

"The most likely outcome is a phishing email, where users click on a link, then open the browser. They then briefly see the URL of the malicious Web site, and then see the scam Web site," Kristensen added.

Nick McGrath, Microsoft's security spokesman, and the Microsoft UK security team was unavailable to comment at the time of writing because they are in the United States. The company has previously frowned upon researchers who have posted exploits without letting it know first.

Kristensen said he was unsure why Paul chose to publish the exploit before informing Microsoft. Secunia has developed an exploit test on its Web site which is available for download.

Secunia has labelled the vulnerability as "moderately critical" because people cannot use it to access systems.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
104 out of 226 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

5 comments

  1. Suprise, suprise. Another day. Another ActiveX vun... Anonymous
  2. Firefox here I come! To hell with work polici... CocaCola
  3. Surprise - this is always happening. Anonymous
  4. Why not inform Microsoft about an exploit first? E... Arthur B.
  5. Get rid of your IE/Windows OS and never use IE to... Anthony Cea

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

SC Security Cleared penetration testers Contract Reading

Developer - Ajax, PHP, MySql

Linux Test Analyst, 30k - 40k

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters