Bugtraq mailing list archives

Re: IE URL Issue Being Used In Phishing In the Wild [USBank]

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 15 May 2004 17:18:17 +1200

"Drew Copley" <dcopley () eeye com> wrote:

<<snip>>

The webpage attempts to throw up a little url bar of it's own
which covers IE's url bar. This allows a pretty convincing spoof
job to happen. 

The pop up looks just like IE's url bar, and it is even selectable.

This does not work in Netscape.


This was also reported at antiphishing.org:

http://www.antiphishing.org/phishing_archive/05-13-
04_US_Bank_(Found_error).html

and it sounds similar to an earlier incident reported there in late 
March:

   http://www.antiphishing.org/news/03-31-04_Alert-FakeAddressBar.html

It is very similiar to Malware's issues of late.


Sorry -- I'm going to have to ask you to expand on that (perhaps I 
missed something from http-equiv?).


Regards,

Nick FitzGerald

Current thread:

IE URL Issue Being Used In Phishing In the Wild [USBank] Drew Copley (May 14)
- Re: IE URL Issue Being Used In Phishing In the Wild [USBank] Todd C. Campbell (May 14)
- Re: IE URL Issue Being Used In Phishing In the Wild [USBank] Nick FitzGerald (May 15)
- <Possible follow-ups>
- RE: IE URL Issue Being Used In Phishing In the Wild [USBank] Drew Copley (May 14)