$this->articleCE->primaryUrlById(3485126) = /xSP/article.php/3485126/IE+Phishing+Exploit+Reported.htm
IE Phishing Exploit Reported - InternetNews.
RealTime IT News

IE Phishing Exploit Reported

A new potential phishing attack vector was revealed this week that might put Microsoft Internet Explorer users at risk if they're not careful.

The Microsoft Internet Explorer Pop-up Window Title Bar Spoofing Weakness has been rated as less critical by security firm Secunia and has been assigned the CVE reference of CAN-2005-0500. The potential vulnerability was discovered by a security researcher going by the name of Bitlance Winter who posted the exploit code to a popular security disclosure list.

Bitlance's IE phishing exploit apparently takes advantage of a weakness in the way script-initiated pop-up windows are handled by IE.

"Windows XP SP2 forces the title bar to be present in script-initiated Internet Explorer windows," Bitlance Winter wrote. "In the title bar, domain name is listed before the page title." "Using magic DNS, this domain name can be exploited by malicious people to trick users into visiting a malicious pop-up window," he added.

In the exploit code as posted by Bitlance Winter, financial institution Citibank is used as an example.

The code loads the real Citibank Web site in the main window and opens a pop-up window that, as specified by SP2, displays the address of the site, which in the exploit example, does in fact begin with the Citibank.com domain. However, upon closer examination, it's really just a longer address (http://securelogin.citibank.com"+".e-gold.com) that cannot be seen in the pop-up window at the size the script specified for the window.

IE isn't the only browser targeted by phishers hoping to confuse users with some form of spoofed address bar. Alternative browsers such as Mozillla and Firefox were recently reported to be at risk from an IDN Spoofing Security Issue.

In that scenario, the phisher uses international characters in an address bar to trick users into thinking the site is legitimate.