Combination of IE exploit and new phishing tactics…
Published: 5 April 2004 10:05 GMT
The combination of an exploit of a serious vulnerability in Internet Explorer (IE) and a phishing email is posing a serious threat to Internet banking users.
Australian security experts said in an advisory the vulnerability allowed the remote execution of arbitrary code on a local computer by a malicious website.
The perpetrators of the exploit lure unsuspecting Australian users to the malicious website by widely distributing spam emails - purporting to be from one of the Big Four local banks - containing what appears to be a legitimate link to the bank's internet banking site.
The IE vulnerability, however, has allowed the fraudsters to spoof the URL of the bank's legitimate website by manipulating the information displayed in the status bar using an embedded form. The "From:" field of the emails include what is likely to be a valid email address for the bank they purport to be from.
Those who click on the link are directed to a website, however, which automatically executes a malicious key logger program on their computer. The user is then automatically directed to the bank's real internet banking website. The program then captures log-in details when the user logs in to the real site and sends those back to the fraudsters via an email sent via an anonymous mail server based in Russia.
AusCERT senior security analyst Jamie Gillespie said the use of URL obfuscation and exploit to install a program went beyond previous phishing scam moves to fool users into entering data into a fake website.
"[These exploits allow the perpetrators to] capture details when the user enters a true web banking site," he said.
The body copy of the malicious email reads as following:
Dear user!
We are informing you that today, the amount of $XXX AUD has been drawn out of your account. Technical assistance of YYY Bank http://www.ZZZ.com.au
AusCERT said initially in its advisory that it was unaware of any patch being released by Microsoft to deal with the IE vulnerability. Microsoft Australia, however, late in the day released a statement saying it had identified the vulnerability in December last year and released a patch. Gillespie nonetheless warned that AusCERT believed that a large number of home users may not be patched and would still be vulnerable.
Iain Ferguson writes for ZDNet Australia. For more news from ZDNet Australia click here.
URGENT - PEN TESTER - WEB APPS (HOMEBASED / REMOTE) to start THIS MONDAY; Dureation 1 WEEK + EXTENSION (Cica 20 days) for an urgent security pen ...
Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...
My client, based in Sydney Australia, requires a Senior Technical UI/UX Specialist to design, develop and test an external Web based member ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy