New phishing hole in I.E. 7 found.

Hi malware fighters,

An Israeli security expert has found up a new clever phishing hole for IE7, exploiting a bug in locally saved HTML error messages to lure users to a fake site. Look here:

http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx

polonus

Unfortunately there aren’t examples or tests…

There is a link on that page that polonus gave for a proof of concept.

Thanks David,
If you use IE7, be careful. even the built in phishing filter wouldn’t help you.

There is however a simple way to get past this.
Open the link in an IE tab within Firefox by getting the IE Tab Add-on
It doesn’t appear to open the re-directed link but gives you an error instead

(Click on the picture for a full view)

I use IE tab on Firefox and it seems to by-pass the IE troubles: give us security when we are obliged to use IE (like in Windows Update site).

No problem, I’m still on IE6 SP2 and because that will continue to be supported for some time, I will let IE7 mature some more before I attempt to download it on dial-up or get it from a computer magazine Cover CD.

It is an extremely rare occasion when I use IE now.