Free Republic

Massive IE phishing exploit discovered
ZDNet ^ | December 17, 2004 | Dan Ilett

Posted on 12/17/2004 7:03:17 AM PST by holymoly

Even SP2 versions of Microsoft's Internet Explorer are vulnerable to a spoofing exploit published yesterday.

A vulnerability researcher posted details of a dangerous Internet Explorer (IE) flaw on Thursday that allows phishers to spoof Web sites more realistically than ever before.

According to security company Secunia, Paul from Greyhats -- a research group -- has published details of a vulnerability that can be exploited to spoof the content of any Web site.

Using the exploit, scammers are able to manipulate all versions of IE, including Windows XP SP2 -- the latest and most secure version of the browser -- and spoof the URL and SSL signature padlock located at the bottom of the browser screen.

The vulnerability is caused by a cross-site scripting vulnerability in the DHTML Edit ActiveX control, but because the flaw is within the browser, it can be used against any Web site, Secunia said.

"That is huge," said Thomas Kristensen, chief technology officer for Secunia. "When you cross-site script a Web site, the user can’t see that anything unusual is happening. The URL looks like it's a legitimate site and if you go to the SSL padlock, it will show a certificate for the site even though it is controlled by malicious scripting."

"The malicious Web site can control what is seen in the address bar. People still don't realise the significant impact of cross-site scripting. This is the vulnerability that phishers and scammers have been looking for. You could also steal cookies from any Web site," Kristensen warned.

"The most likely outcome is a phishing email, where users click on a link, then open the browser. They then briefly see the URL of the malicious Web site, and then see the scam Web site," Kristensen added.

Nick McGrath, Microsoft's security spokesman, and the Microsoft UK security team were unavailable to comment at the time of writing because they are in the United States. The company has previously frowned upon researchers who have posted exploits without letting it know first.

Kristensen said he was unsure why Paul chose to publish the exploit before informing Microsoft. Secunia has developed an exploit test on its Web site which is available for download.

Secunia has labelled the vulnerability as "moderately critical" because people cannot use it to access systems.


TOPICS: News/Current Events; Technical
KEYWORDS: browser; exploit; explorer; getamac; ie; internet; internetexploiter; lookoutexpress; lowqualitycrap; microsoft; patch; patchnumber3087142; securityflaw; spoof; trojan; virus; windows; worm
Alternatives to Microsoft Internet Explorer:

Mozilla/Firefox (Open Source/Freeware)
Opera (Shareware)
Off By One (Freeware)
1 posted on 12/17/2004 7:03:17 AM PST by holymoly

To: holymoly

Wonderful


2 posted on 12/17/2004 7:05:17 AM PST by Dog Gone

To: holymoly

Firefox - The BEST!


3 posted on 12/17/2004 7:06:21 AM PST by frog_jerk_2004

To: holymoly

IE - Just Say No!


4 posted on 12/17/2004 7:06:40 AM PST by frog_jerk_2004

To: holymoly
That's why I use Firefox.
5 posted on 12/17/2004 7:07:39 AM PST by Terabitten (Proud member of the Free Republic wolfpack)

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

Browser Ping


6 posted on 12/17/2004 7:08:24 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: holymoly

I didn't realise my Google home page had been hijacked to a Google clone... www.about.blank.org.

Sneaky. And I have tons of protection running.. Hrmmm


7 posted on 12/17/2004 7:09:21 AM PST by wolficatZ (All I want for Christmas is an Scooby-Doo Chia Pet...(and a M-1 carbine))

To: ShadowAce; Swordmaker
FYI
8 posted on 12/17/2004 7:09:29 AM PST by Fatalis

To: holymoly

Just changed from IE to Firefox....surprised (not really) to see that the default homepage is GOOGLE.


9 posted on 12/17/2004 7:10:56 AM PST by DCPatriot (I don't do politically correct very well either.)

To: frog_jerk_2004
Firefox - The BEST!


10 posted on 12/17/2004 7:13:07 AM PST by Bloody Sam Roberts (All I ask from livin' is to have no chains on me. All I ask from dyin' is to go naturally.)

To: DCPatriot
Just changed from IE to Firefox....surprised (not really) to see that the default homepage is GOOGLE.

Change it.
Firefox Help: Options
11 posted on 12/17/2004 7:15:59 AM PST by holymoly (Merry Christmas! http://tinyurl.com/5mxvw)

To: DCPatriot
"Just changed from IE to Firefox....surprised (not really) to see that the default"

Now that you have changed to Firefox, go to this thread to help you out.... if you are on a Broadband Internet connection.

How To Speed Up Firefox (Helpful Vanity)

12 posted on 12/17/2004 7:17:50 AM PST by KoRn

To: holymoly
I've been using the Avant browser and really like it. I prefer it to Firefox and Mozilla because a lot of the plugins that I use work with Avant and not Firefox or Mozilla. But I never see Avant discussed when people talk about security vulnerability. Does Avant have the same problems as IE or is it more immune??
13 posted on 12/17/2004 7:21:10 AM PST by wouldilie (I want a Hippopotamus for Christmas......)

To: wouldilie
Does Avant have the same problems as IE or is it more immune??

As I recall, Avant runs on the IE engine (it requires IE to work).

The browsers I listed are all stand-alone.

In my opinion, if you're going to break with IE, it should be a clean break.
14 posted on 12/17/2004 7:26:51 AM PST by holymoly (Merry Christmas! http://tinyurl.com/5mxvw)

To: wolficatZ

I had the "about blank" problem too until I switched browsers. Any time I rebooted I got "about blank" as my home page. I could change it but it would always come back upon rebooting. I finally got rid of it but I have no problems at all using Netscape 7.1 browser.


15 posted on 12/17/2004 7:33:50 AM PST by Graybeard58 (Remember and pray for Spec.4 Matt Maupin - MIA/POW- Iraq since 04/09/04)

To: holymoly

I don't believe a browser change will help here although I use Firefox. If the e-mail comes in and you click on it, you will be redirected. I got one the other day and observed the address and it definitely was not from eBay which allegedly needed to "update" my credit card information. Be aware, be very aware.


16 posted on 12/17/2004 7:37:01 AM PST by RichardW

To: KoRn

All Hail KoRn!


17 posted on 12/17/2004 7:37:33 AM PST by Zman

To: RichardW
I don't believe a browser change will help here although I use Firefox.

One extension that would be helpful here is the Spoofstick extension. It tells you the real URL of the page you are on.

18 posted on 12/17/2004 7:39:29 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: RichardW
I don't believe a browser change will help here although I use Firefox.

From the article:
"The vulnerability is caused by a cross-site scripting vulnerability in the DHTML Edit ActiveX control"

I still run a version of Mozilla, but I believe that, like Mozilla, Firefox does not use ActiveX. (I don't know about Opera.) "Off By One" uses no plugins, Java, etc., and so is the most secure browser available.

This and other articles I've read state this is a MSIE-only flaw.
19 posted on 12/17/2004 7:43:27 AM PST by holymoly (Merry Christmas! http://tinyurl.com/5mxvw)

To: holymoly
I have current IE 6, Windows XP w/ SP-2. The Secunia test shows my IE browser as vulnerable. I also have Firefox, which I use exclusively for browsing on the same machine - Firefox is not vulnerable. I won't open the test page at all.

The only reason I keep IE is that many things exclusively open IE to display content.
20 posted on 12/17/2004 7:53:38 AM PST by IamConservative (To worry is to misuse your imagination.)

