Microsoft shows possible IE7 phishing hole
Microsoft is investigating a possible vulnerability in Internet Explorer 7 that could help cybercrooks to launch phishing scams, the company said Wednesday.
An attacker can use an error message displayed by the latest Microsoft browser to send Web surfers to malicious Web sites that will display with the address of a trusted site, such as a bank, Aviv Raff, a developer in Israel, wrote on his Web site. Raff included an example where the error message directs the Web surfer to a site of his choice.
Microsoft agrees…Windows OneCare performs poor »Microsoft Windows OneCare performed poor test results on Thursday, but the Microsoft officials promised it would do...Microsoft is looking into the issue, a representative said. “Microsoft is not aware of any attacks attempting to use the reported vulnerability,” the representative said in an e-mailed statement. “Microsoft will continue to investigate… to help provide additional guidance for customers as necessary.”
The vulnerability relates to the message IE displays when Web page loading is aborted, Raff wrote. An attacker can rig the message by creating a malicious link. The message will offer a link to retry loading the page; hitting it brings up the attacker’s page, but showing an arbitrary Web address, he wrote.
IE 7 runs on Windows Xp and Windows Vista.
Source:http://news.zdnet.com/
Symantec contradicts McAfee,saying USA is the king land of hackers »A recent security report of McAfee said that the most dangerous internet domains from the world come...
McAfee is guarding on the Internet threats »McAfee,s SiteAdvisor Tool is a free and very useful tool especially designed for protecting home computer users...
Comments
No comments yet.
Leave a comment