Jump to content

Internet Explorer Exploit

Recommended Posts

Just a warning to you all.


Back in December an exploit was found in IE (5.01, 5.5 and 6)


It allows one to show one URL in the address bar but actually

take the victim to another.


Here is a very simple page I've just created:



The implications are huge. Barclays bank has just been hit by this.

Someone made a spoof copy of their site and then sent out emails with

the exploit and tricked customers into thinking that they were on

the legit site.

Share this post

Link to post
Share on other sites

A properly updated virus scanner should also detect it as a trojan :ph34r: - mine does :D (McAfee 4.5.1 - kept up to date weekly)

Share this post

Link to post
Share on other sites

But it's not actually a trojan Si ;)


It's a Micky$oft "feature" :P

Norton AV latest pattern file does not pick it up and nor would I really expect it



Where it is likely to catch people out is where someone gets sent a faked HTML

email that looks like it has come from their bank and asks them to log in. You will

most likely be taken to a site that looks identical and log in and before you know

it the 'fraudster' has your login details. Some Barclay's customers were hit by this

a few weeks back.

Share this post

Link to post
Share on other sites

I know its not a real trojan :rolleyes: but decent heuristics catch it all the same as you can see from the screen capture!


I ditched Norton ages ago as it kept missing things even with the latest updates :( (my company did the same thing long before I did and switched to McAfee - they even managed to block all the last lot of worms!)


Share this post

Link to post
Share on other sites

I think this scam was also done a while ago by someone spoofing the Blomberg investment site in the US and got away with a load of money either because the info shown on the website affected the share price from which lots lost and one gained or through a spurious offer for sale of shares taken up by those taken in.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

Privacy Policy