

justin
Australian
join:1999-05-28
Brooklyn, NY

1 edit
 What do you think of this phish? not pretty...

»eBay Java spoof -
not pretty at all for the victims.


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand

Browser Address Bar Spoofing - a new tool in a Phisher's box of tricks.

The second find of a bogus web page involving a spoofed Address Bar makes its appearance within 24 hours of the first, suggesting a new trend in fooling the innocent...

Since Microsoft plugged the vulnerability in Internet Explorer browsers which allowed URL spoofing, fraudsters have found another method of spoofing that shows a genuine URL with a bogus web page.

Address bar spoofing involves the removal of the browser address bar and replacing it with images and text which look exactly like the genuine thing (including the Internet Explorer 'Go' button). Two reports of this worrying new means of fooling internet users have come to MillerSmiles.co.uk in the last 24 hours.

The first report, which involved a bogus eBay web page (see »www.millersmiles.co.uk/identityt···ay-2.php), had a spoofed address bar which showed the URL as a genuine secure URL for part of the ebay.com web site. The actual URL of the web page was of course something completely different and related to a site which has nothing to do with eBay. The user was further presented with a bogus web form to supply personal, financial and account information which would have been sent to fraudsters using a form to mail script.

The second instance occurred in less than 24 hours from the first and users were this time faced with a bogus Paypal page with the spoofed address bar again displaying a genuine https URL for part of the paypal.com web site, see »www.millersmiles.co.uk/identityt···al-1.php for more on this phishing scam. [ Continued here... ]

Other reading:
Internet Explorer URL Spoofing Vulnerability »secunia.com/advisories/10395/

Microsoft Internet Explorer 6
Secunia currently has 46 Security Advisories affecting Microsoft Internet Explorer 6. These advisories are listed below. Click the link to view the full advisory. »secunia.com/product/11/
--
Security Forum FAQs..-..Computer Cops - Symantec Forum..-..Starfire "5 in 4"


sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable

reply to justin
Y'know, at first I thought, "hey that's pretty clever for the phishes."

My second thought was, "you know what'd be even more clever? Finding a way to do it no matter what browser is used."

And then, finally, I asked myself, "Why hasn't this happened, or at least happened in a big way, before now?"

After all, screen capture software and code to remove address bars have been around a long, long time, along with CGI form mailers.

Really evil though, although in the screenshot the address bar did have some flaws which might alert a wary user.
--
Say NO to TCPA
Kerio 2.1.5 - My favorite firewall


Vvian Kalyss

join:2003-10-14
Stage 5.0
clubs:

I don't see how they'd get around people using prettified toolbars? You know, the type where you can use images as background.

Very cautious people (and paranoid ones too, no doubt) would probably click on the URL ~ perhaps to highlight then copy-paste somewhere else; I know, I used to do this at work, cause I didn't want to save links in IE's favourites menu, I pasted em into a file on notepad which I stored on floppy. Not 100% foolproof assuredly but at least it stops casual perusal.

--
" Her eyes were just the end of Hell-- / All pain, / Articulate "

Vvian Kalyss


rosco
Premium
join:2003-11-10
USA
all I can say is WOW, very scummy...but I have to say that it is very ingenious and deceptive...the ability to do something like this has existed for quite some time now...(at least since IE4).

And no one thought of it till now...I am amazed

B
Premium,MVM
join:2000-10-28


Oh come on, most of us THOUGHT of it as a possibility. We just weren't the same lazy evil spamming phishing scum who are just now getting around to actually deploying it in the wild.

This only gets worse with Flash and SVG and the like, by the way.

-- B
--
In a realm outside causality and function


rosco
Premium
join:2003-11-10
USA
yes, I should have been more clear. I was thinking along the lines of having thought to do it. Not actually thinking about it.

inTulsa
Premium
join:2002-02-24
reply to justin
I was surprised by a little JavaScript "trick" that convinced IE to close the original window without prompting. Otherwise the forged window would have drawn the attention of a conventional pop-up.

B
Premium,MVM
join:2000-10-28


Security through obscurity recommendation for average users:

1. Download the Mozilla suite (though I like Fireweasel better, this is easier to deal with re: mail and plugins)

2. STOP USING IE. Consider renaming the iexplore.exe file.

3. Set a custom Windows theme and/or a custom Mozilla theme.

Then you most likely will not be fooled by these darned things.

-- B

P.S. Did I mention to turn off HTML in e-mail?
--
In a realm outside causality and function

inTulsa
Premium
join:2002-02-24

said by B:
Security through obscurity recommendation for average users:

Preaching to who? Average users are scarce in this forum, they're too busy clicking email attachments to find out what they've won

B
Premium,MVM
join:2000-10-28

Yeah, I know, but there are 246 thread views so far, and they can't ALL be experts, so it couldn't hurt...

-- B
--
In a realm outside causality and function


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast


1 edit
reply to justin
From the pics it seemed cute, its only purpose is to scare IE users, see how scared B is LOL. Run to Mozilla LOL, and when someone decides to attack Mozilla, run back to IE?

IE is a great browser, and my nine year old can secure it. Running to other browsers will never solve anything; learn about security and how to secure your browser.

If all one does is run to another browser, what do they do when an exploit is found in the browser they are using? Learn security, and enjoy IE.
--
Spam Officially Legal


SanJoseNerd
Premium
join:2002-07-24
San Jose, CA
reply to justin
Suggestion for protecting yourself: Rearrange your toolbars so that the address bar is above the button bar. Then the phish would be obvious.


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast

IE has a little box that can be checked to lock your tool bar also.
--
Spam Officially Legal


Jason Levine
Premium
join:2001-07-13
USA

said by Vampirefo:
IE has a little box that can be checked to lock your tool bar also.

I don't believe that that setting prevents JavaScript from opening a window without the address bar. It just is helpful to keep you from accidentally moving your toolbars around.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast

said by Jason Levine:
said by Vampirefo:
IE has a little box that can be checked to lock your tool bar also.

I don't believe that that setting prevents JavaScript from opening a window without the address bar. It just is helpful to keep you from accidentally moving your toolbars around.

Once you move the toolbar you then lock it in place; my reply was for SanJoseNerd's suggestion to rearrange toolbars.
--
Spam Officially Legal


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand

reply to justin
There is an Internet Explorer Address Bar Spoofing Test in my above link to Secunia.

Direct link here:
»secunia.com/internet_explorer_ad···ng_test/
--
General Statement - (not preaching to the choir):
It has been said many times before, IE is as secure as the person sitting behind the screen makes it. Keeping IE Security and Browser settings on High prevents most exploits. Drop Security to medium, and you're on your own and vulnerable.
--
Security Forum FAQs..-..Computer Cops - Symantec Forum..-..Starfire "5 in 4"


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast

said by Sparrow:
--
General Statement - (not preaching to the choir):
It has been said many times before, IE is as secure as the person sitting behind the screen makes it. Keeping IE Security and Browser settings on High prevents most exploits. Drop Security to medium, and you're on your own and vulnerable.

This is very true, if one doesn't take the time to learn how to secure IE why would this same person take the time to learn how to secure another browser?

Security starts with the user, if the user just keeps changing browsers, and not taking the time to learn how to secure them, soon they will be without a browser, and no security at all.

I have seen the same argument between Windows and Linux, some people recommend stop using Windows and use Linux to be secure.

Linux is no more secure than Windows; it's the user that makes one OS more secure. How can a person who can't secure Windows really secure Linux?
--
Spam Officially Legal


justin
Australian
join:1999-05-28
Brooklyn, NY

Hm, so you guys are saying that all software is equally insecure, all accidents stem from the operator, that user interface and application program interface designers don't have to think about security issues at all. Guess you've never looked at industrial design then. Where there is the possibility of a machine cutting the operator or someone else in half, the designer has to think about security above all else. A machine can be lethal, or extremely safe, and so can a browser. Firefox/Mozilla while not proven to be extremely safe is demonstrably and clearly better designed from the security point of view, in its default state, than IE.


rosco
Premium
join:2003-11-10
USA
·Verizon Online DSL

I agree, while it is true that the user should be educated, it is also true that having a browser such as IE, that is widely used and integrated with the OS, leads to more problems than a standalone browser, i.e. all these alternatives. Besides the fact that they are all obviously different, the main distinction, in my opinion, is the fact that IE is so intertwined with the OS.

So while switching to another browser won't solve all of our problems, it won't be so damn easy for the filthy scammers to succeed.
over 10 years online! © 1999-2009 dslreports.com.