Free Republic

Probably the simplest phishing trick in the world (Beware even when visiting secure sites)
UK Register | Dec. 9, 2004 | John Leyden

Posted on 12/09/2004 3:41:29 PM PST by QQQQQ

Many popular browsers are affected by a vulnerability that makes it easy to spoof the content of websites, security firm Secunia warns.

Features built into browsers make it possible for malicious websites to change the content of pop-up windows created by trusted websites such as online banks. Users would have no inkling that potentially hostile content has been injected into a pop-up window. Exploits rely on misusing browser functionality rather than taking advantage of a software bug. Thomas Kristensen, Secunia’s chief technology officer, described the problem as “perhaps the simplest phishing trick yet.”

Secunia has confirmed the vulnerability on fully patched versions of Internet Explorer 6.0 and Windows XP SP1 and SP2 (advisory here), Mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2, Apple's Safari 1.2.4, Opera 7.54, and KDE's Konqueror 3.2.2-6. Other versions of these browsers might also be affected. Secunia has issued five advisories (summary here) and an on-line test (online test here).

Secunia describes the vulnerabilities as "moderately critical". It advises users not to browse untrusted sites while browsing trusted sites.


TOPICS: Front Page News; News/Current Events; Technical
KEYWORDS: computersecurity; internet; security
Go to the online test page to read more about it, then you can take the test.

It's by security firm Secunia; they have a good explanation of how this happens.

The link to Secunia is: Secunia explanation and online test. Clicking on this link will NOT start the test, you can just read more about the vulnerability, then decide, if you want to test your browser.

It seems the main way to avoid it is to clean your cache, cookies, etc., close your browser, THEN go to the secure site, but NOT have any other browser windows open, then after you have taken care of your business, close the browser, then open it again and do your browsing.

1 posted on 12/09/2004 3:41:29 PM PST by QQQQQ

To: QQQQQ

Without reading further, it sounds like all you have to do is not link to your banking site through your hair growth page and then not notice that you’re accessing it through a popup.


2 posted on 12/09/2004 3:54:49 PM PST by elfman2

To: ShadowAce

Like the girl with the nosebleed said, it's always something....


3 posted on 12/09/2004 3:55:57 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: QQQQQ
Secunia is yet again pushing this as "all browsers", but my browser isn't affected.
I go to the site with Safari, click on the test page, click on the sign, and get the Citibank spoof page (as you should).

Test it with Firefox, though, and oops!

4 posted on 12/09/2004 3:58:14 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)

To: QQQQQ

I went to the Secunia site....and got a harmful pop-up!


5 posted on 12/09/2004 4:00:24 PM PST by ArmyBratproud (Ashcroft and Evans served us well....Can't Thank them enough)

To: QQQQQ
Why would Citi-bank have javascript:launchPopup('/domain/redirect/cbna/abuse.htm','spoofing','status,resizable,scrollbars,width=694,height=620') behind "consumer alert! beware of fraudulent e-mails." or anything that redirected you to a phony site on their website?

I don't get it.

6 posted on 12/09/2004 4:03:36 PM PST by mrsmith

To: QQQQQ

BTTT


7 posted on 12/09/2004 4:06:13 PM PST by EdReform (Free Republic - helping to keep our country a free republic. Thank you for your financial support!)

To: QQQQQ
You mean FIREFOX is vulnerable!?!?!?!?
8 posted on 12/09/2004 4:07:58 PM PST by ItsForTheChildren

To: mrsmith

Get it? Lock down your hosts file by putting hostile websites into the Internet Explorer Restricted Zone and then using Spybot S&D to make it read only so hackers can't hijack it. You should be parasite-free afterwards for good.


9 posted on 12/09/2004 4:09:23 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)

To: QQQQQ

It got me with Firefox 1.0 and Mozilla 1.7.3 and IE6.0

However, I have the extension to open Firefox from pages viewed with IE, so I right clicked on the link, (the one for users of popup stoppers) to open with Firefox, and THAT way Secunia's spoof didn't work.

I also have the extension to open IE from Firefox, so the spoof didn't work that way either.


10 posted on 12/09/2004 4:12:16 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: Izzy Dunne
I tested my Firefox 1.0 on Debian Linux and I get the Citibank page. No popup.

My Konqueror 3.2.2 works properly as well.

My copy of Opera 7.53 Final (a very old version) is vulnerable.

Methinks Secunia screwed the pooch on this one.

11 posted on 12/09/2004 4:16:40 PM PST by Knitebane (Happily Microsoft free since 1999.)

To: mrsmith; All

That script is to open a new window. Note the title/subject of the window, and also note there are instructions for resizing that window.

To all: right clicking and opening those links in new windows (using the same browser) doesn't allow this particular spoof.


12 posted on 12/09/2004 4:20:09 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: QQQQQ

ok. can someone explain this to me? I'm over 40. Thanks.


13 posted on 12/09/2004 4:20:36 PM PST by the invisib1e hand (if a man lives long enough, he gets to see the same thing over and over.)

To: Knitebane

I drive a Studebaker.


14 posted on 12/09/2004 4:22:40 PM PST by wtc911 ("I would like at least to know his name.")

To: JoJo Gunn

I tried it with Firefox 1.0 and the latest IE. Neither of them was hijacked. I must have something running that prevents it-- Spybot? Spyware Guard? Spyware Blaster?


15 posted on 12/09/2004 4:22:41 PM PST by Clara Lou (Hillary Clinton: "We're going to take things away from you on behalf of the common good.")

To: the invisib1e hand

It's a little tricky and it would require technical speak to explain to a layman. But essentially the way pop-ups work in most browsers allows some bad websites to pop up windows if you click a link in a friendly website. But you have to have them both open.

It's not the end of the world. Just make sure you're not working with multiple windows open when doing secure stuff.


16 posted on 12/09/2004 4:26:06 PM PST by Bogey78O (Kerry surrendered Florida faster than he surrendered the Mekong Delta)

To: JoJo Gunn
But the script is on the "Citibank" site!

Which is not a Citibank site at all:
"Domain Name: CITIBANK.COM
Registrar: TUCOWS INC."

I don't get it. If you go to the wrong site and do what they say that's got nothing to do with any vulnerability in your browser- it's the nut behind the wheel you have to worry about.

17 posted on 12/09/2004 4:26:44 PM PST by mrsmith

To: Clara Lou

I'm not sure. Make sure you do one left click, and note whether you're running a popup blocker. Do you mean the latest IE is that SP2 for XP users? It has a popup blocker, doesn't it? (I don't run XP).

I'm running Spyware Blaster, for what it's worth, but I don't think it's made to counter these kinds of things. Not just yet, anyway. When things like this are made public it hopefully will be entered in later program updates.


18 posted on 12/09/2004 4:29:50 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: QQQQQ

Bump for later reading


19 posted on 12/09/2004 4:30:27 PM PST by ParityErr

To: mrsmith

I'm confused. How are you viewing it? I used page info with Firefox and didn't see that.


20 posted on 12/09/2004 4:35:28 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
