Date: Fri, 14 May 2004 11:18:51 -0700
From: "Drew Copley" <dcopley@...e.com>
To: "Todd C. Campbell" <todd.campbell@...e.com>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: IE URL Issue Being Used In Phishing In the Wild [USBank]


These guys got it and catalogued it nicely.

Scroll down for full details.

http://www.antiphishing.org/phishing_archive/05-13-04_US_Bank_(Found_error).html

They did everything but put up full source code.

Http-equiv pointed out Dror Shalev has catalogued a Citibank version
he found in the wild:

http://sec.drorshalev.com/dev/fakeaddress 

This has different source, however, and utilizes a different method
altogether. The Italian version is cleaner, no munged graphics, but
this Citibank version doesn't miss on the url bar if you have an
additional bar underneath the url bar (ie, google bar, or links).

We should expect someone to figure out pretty soon that they
can replace the warning dialogs for running executable content
on the web (or for installing spyware activex)... imo.

None of this is entirely new... but, it looks like exploit to
implementation time has finally caught up with each other after
several years.

Guninski:
"Javascript in IE may spoof the whole screen"
[He also shows how it may spoof the executable warning box, this
issue is still open]
Date: 21 October 2001

 Image moving over download/open dialog: 
http://www.guninski.com/opf2.html 

Really, I think this is a classic "failure of imagination" security
issue here.

Regardless, this is easy money. These guys have finally figured it
out. Someone has spelled it out for them. 


> -----Original Message-----
> From: Todd C. Campbell [mailto:toddc@...dor.beernutz.com] On 
> Behalf Of Todd C. Campbell
> Sent: Friday, May 14, 2004 10:45 AM
> To: Drew Copley
> Cc: bugtraq@...urityfocus.com
> Subject: Re: IE URL Issue Being Used In Phishing In the Wild [USBank]
> 
> On Thu, May 13, 2004 at 03:30:29PM -0700, Drew Copley wrote:
> > One of our developers (Laurentiu Nicula) received an alarming type
> > of phishing attack today.
> > 
> > received: from UsBank.com ([82.33.97.75]) 
> > 
> > [82.33.97.75 = [ 82-33-97-75.cable.ubr10.azte.blueyonder.co.uk ]
> > 
> > The email looks legitimate enough, but links to:
> > 
> > http://validation-required.info/
> 
> This site seems to be suspended now.
> 
> -- 
> 
> Todd C. Campbell
> CoreComm an ATX Company
> Systems Engineering
> 
> 
> 

