Internet Explorer exploit - phishing-related

Discussion in 'Off-Topic Chat' started by rutty, Apr 6, 2006.

  1. rutty

    rutty Active Member

    Secunia have released a test to see if your internet browser is vulnerable to an exploit that can spoof the address in your address bar:

    What happens, is that they're using some code that initially opens the page in Google (in this case) then redirects you to the secunia site. If you still see the Google address in your address bar then your browser is vulnerable to this. This doesn't affect my version of Firefox, but it does work with my copy of IE.

    This is very significant, in that it's possible for a scammer to use this to make you think that you're browsing your bank's website, when in fact you're browsing a webpage on a server in Russia, or similar. Be VERY careful if you get an email from your bank. Never, ever click through to your bank, or other financial services, from an email. Always connect via your favourites or type it in manually.

    This is today's public service announcement :)
  2. TheMusicMan

    TheMusicMan tMP Founder Staff Member

    I can only emphasise further what Dave says... never, ever click on a 'click here' link in an email that alledges to be from your bank. You seriously run the risk of someone exploiting your banking details if so.

    This IE vulnerability is a clear example of how a hacker/scammer can gain access to your banking details and thus access your accounts.

    Be careful, these scammers are becoming ever more clever.
    Last edited by a moderator: Apr 6, 2006
  3. Will the Sec

    Will the Sec Active Member

    My BT Yahoo browser is also affected.
  4. MartinT

    MartinT Member

  5. tinytimp

    tinytimp Member

    So is there anything you can do to get around this vulnerability, apart from keeping your AV software up to date?
  6. Sop_Or_Bass?

    Sop_Or_Bass? Member

    I'd better stop using IE and just stick with Firefox, as Firefox passes this test and IE fails.
  7. rutty

    rutty Active Member

    Your Anti-virus won't help with this at all, it's a problem with the Internet Explorer code. Just be careful when following links to your financial-related sites and you'll be fine. I'm sure it'll be fixed soon as this is one of the more worrying issues with IE that I've seen recently.

    You could always disable Active Scripting in IE if you wanted, but then any site using ActiveX will stop working. Or I've read that setting IE to "High" in the security settings fixes this - can't verify that though.
  8. horn1

    horn1 Member

    I've tested my IE and it's fine!
  9. rutty

    rutty Active Member

    Really? Which version are you running?
  10. is firefox an alternate browser to ie then? how do i get hold of it? is it free? how does it compare with ie, as thats the only browser i've ever used?
  11. Jasper

    Jasper Member firefox an alternate browser to ie then? how do i get hold of it? is it free? how does it compare with ie, as thats the only browser i've ever used?

    Much Better all to download here
  12. Jasper

    Jasper Member

  13. rutty

    rutty Active Member

    You've messed up the link there - extra "http://" Firefox

    Firefox is great, but might take some getting used to if you've only ever used IE before.

    Or maybe try Opera: - that's a decent alternative too :)