New Phishing Attack Uses Old IE Exploit

Bank information solicitation is typical, but URL is obscured by bug patched earlier this year.

A new phishing attack is utilizing a vulnerability in Internet Explorer, patched early this year, to hide its true source.

/zimages/2/28571.gifA serious hole in IE opens PCs up for attacks. Click here to read more.

The attack, called Citifraud.A by Panda Software, takes the form of a Web page or HTML e-mail. It has no means of self-propagation and is therefore termed a Trojan by Panda.

The page or e-mail appears to come from a bank and contains a link that appears to go to the bank Web site. The link uses a vulnerability in Internet Explorer that causes the browser to improperly display the URL of the Web site due to a flaw in a process called canonicalization.

The flaw was disclosed and patched in February.

The link, if followed, actually takes the user to a malicious Web page that requests private account information.

/zimages/2/28571.gifNew measures against phishing attacks may be gaining traction. Read more here about the moves to counter cyber-crime.

Users who have patched their system can still receive the attack and click through to the malicious page, but they would see the true URL, which contains a number of unusual features.

Panda Software has categorized Citifraud.A with a threat level of "high." The companys Web site states that the largest numbers of infections have occurred in South America and southern Europe.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.