RealNews

IE bug provides phishing tool

A flaw in Internet Explorer makes it easy for scammers to create dummy sites that look like legitimate ones, and try to steal information from Web users. A newly discovered bug in Microsoft’s Internet Explorer Web browser may help fraudsters trick Internet users into divulging sensitive information and executing malicious code, according to a security researcher. The new glitch allows a specially crafted URL, or link, to load a browser window that appears to be displaying any address the attacker wants — this would enable a fraudster to load a window that would appear to be displaying www.zdnet.com.au, for example, but would in fact display content from another source. The problem will make it easier for scammers to trick Internet users into divulging personal details through “phishing scams”, where emails purporting to come from the victim’s Internet banking provider or another such site encourage them to re-enter details such as usernames and passwords, according to security research engineer Drew Copley. “You could pretend to be anybody. You could have someone run executable content,” he said by phone from the US. “This is not the end of the world [but] it adds to Microsoft’s woes.” Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.