[Mimedefang] Browser Bug: Very bad in IE and varies on Netscape and Mozilla
Kevin A. McGrail
kmcgrail at pccc.com
Fri Dec 19 17:12:39 EST 2003
WARNING: There is documentation of a scam in this document. Read the
document, don't feel the need to click on things!
Not to alarm everyone, but I feel that there is a bug/scam that more people
need to know about that I found out about last week. This bug causes some
browsers, notably Internet Explorer but ALSO AFFECTING NETSCAPE AND MOZILLA
TO SOME EXTENT, to parse web links incorrectly and allow a person to nearly
perfectly cover up the fact that they are redirecting you to a different
link.
I believe this bug should be identifiable in SpamAssassin but I have seen a
few different techniques and I am not 100% sure what the bug is! Something
akin to this (tested but I don't make a lot of rules):
# This rule is to mark emails using the exploit of the URI parsing
uri KAM_URIPARSE /\%01\@/i
describe KAM_URIPARSE Attempted use of URI bug. Very high probability of fraud.
score KAM_URIPARSE 7.00
This trick is so good, it even tricks popup blockers such as Google's
toolbar.
As an example, using a link such as the one below will LOOK like you are
going to paypal.com but in fact you are going to netcbc.net/paypal (this is
a REAL fraud website so don't go using it).
http://www.paypal.com%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@netcbc.net/paypal/
I found out about this problem late last week and was hoping Microsoft would
have it patched before I had to write this note.
Unfortunately, it is still not patched to the best of my knowledge on
December 19th, over a week later. Additionally, on December 17th, I was
forwarded a copy of one of the emails using this technique to fraudulently
gather information. This technique, called "Phishing", has been around for a
while, but this bug will make even expert users fall prey to this trick.
I would recommend forwarding this information to people you feel can
properly handle the information, but I think this is going to very quickly
become the largest scam tool on the internet.
Regards,
KAM
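Detection logic for the trick described in this post, as an added example that is not the poster's code and not part of SpamAssassin or MIMEDefang: it separates the host a reader sees from the host a client actually connects to, and generalises the post's rule from `%01` to any percent-encoded control byte before the `@`. The message body and the hostname phish.example are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Percent-encoded control byte (%00-%1F or %7F) in the authority part before
# an '@': the padding trick from the post, generalised beyond %01.
CONTROL_USERINFO = re.compile(
    r'^[a-z][a-z0-9+.-]*://[^/?#]*%(?:[01][0-9a-f]|7f)[^/?#]*@', re.I)
# Loose URL finder for message bodies (stops at whitespace, quotes, brackets).
URL_IN_TEXT = re.compile(r'https?://[^\s<>"\')\]]+', re.I)

def real_host(url):
    """Host a client actually connects to: everything before '@' is userinfo."""
    return (urlsplit(url).hostname or '').lower()

def displayed_host(url):
    """What a reader sees at a glance: the first host-like token after '://'."""
    m = re.match(r'^[a-z][a-z0-9+.-]*://([a-z0-9.-]+)', url, re.I)
    return m.group(1).lower() if m else ''

def classify(url):
    """Return 'spoof', 'userinfo-mismatch' or 'ok' for one URL."""
    if CONTROL_USERINFO.search(url):
        return 'spoof'
    if '@' in urlsplit(url).netloc and displayed_host(url) != real_host(url):
        return 'userinfo-mismatch'
    return 'ok'

def scan_message(body):
    """Return [(url, verdict, displayed_host, real_host)] for every URL in
    a message body that is not classified 'ok'."""
    hits = []
    for url in URL_IN_TEXT.findall(body):
        verdict = classify(url)
        if verdict != 'ok':
            hits.append((url, verdict, displayed_host(url), real_host(url)))
    return hits

# Constructed sample body in the style of the phish described in the post.
SAMPLE_BODY = """Please verify your account at
http://www.paypal.com%01%01%01%01%01%01@phish.example/login/
Our real site: http://www.paypal.com/
"""

if __name__ == '__main__':
    for url, verdict, shown, real in scan_message(SAMPLE_BODY):
        print(f'{verdict}: looks like {shown!r}, really {real!r}')
```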