[Mimedefang] [OT] Fw: Interesting Phishing Trick
Philip Prindeville
philipp_subx at redfish-solutions.com
Thu Mar 9 21:06:22 EST 2006
Kevin A. McGrail wrote:
> Philip:
>
> This rule won't hit on the phishing email I was discussing. It doesn't use
> a mouseover. It uses a nested a tag to hide the real link. Thanks to
> Kenneth Porter, here's my original post:
>
> http://thread.gmane.org/gmane.comp.jakarta.tomcat.user/127749
Kevin,
I get that.
The larger point that I was trying to make (and I could have
done a better job of connecting the dots) is this:
* sometimes someone will send out HTML that will look like:
<a href="http://www.foo.com/...">http://www.bar.com/...</a>
where you think you're going to www.bar.com, but you're
actually going to www.foo.com.
* Some browsers will display (below in the status bar) the real
URL contents when you put your mouse over the anchor in the
status bar (as visual confirmation of where you're about to go).
* the connection I was trying to make is that if the attributes
of the <a> contain:
onMouseOver="window.status=' ...
you can override what the contents of the status bar end up
looking like, thus circumventing the limited security that
browsers provide (in the form of visual feedback above).
Hope this is more clear.
-Philip
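The two tricks Philip describes, a visible link text that names one host while `href` points at another, and an `onMouseOver` handler that rewrites `window.status` so the browser's visual feedback lies, can both be checked for mechanically on the mail-filter side. The following is an added example written for this archive page; it is not code from the MIMEDefang project or from either poster, and the sample HTML, the `AnchorAuditor` class and the `audit_anchors` function are constructed for illustration. It walks every `<a>` in a message body (including nested anchors, as the quoted post mentions), compares the host in the `href` with any host named in the visible text, and flags any event-handler attribute that touches `window.status`.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class AnchorAuditor(HTMLParser):
    """Collect every <a> with its href, on* handlers and visible text.

    A stack is used so that nested <a> tags (which html.parser reports
    as start/end events in order, without repairing the tree) are each
    recorded with the text that appears inside them.
    """

    def __init__(self):
        super().__init__()
        self.anchors = []   # finished anchors: {"href", "handlers", "text"}
        self._open = []     # anchors whose end tag has not been seen yet

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        anchor = {"href": "", "handlers": {}, "text": ""}
        for name, value in attrs:        # html.parser lowercases names
            if name == "href":
                anchor["href"] = (value or "").strip()
            elif name.startswith("on"):  # onmouseover, onclick, ...
                anchor["handlers"][name] = value or ""
        self._open.append(anchor)

    def handle_data(self, data):
        # Visible text belongs to every anchor currently open (outer and inner).
        for anchor in self._open:
            anchor["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.anchors.append(self._open.pop())

    def close(self):
        super().close()
        while self._open:               # unclosed anchors still count
            self.anchors.append(self._open.pop())


# Host-looking token inside link text, e.g. "http://www.bar.com/..." -> "bar.com"
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def hostname(url):
    """Host of an href with a leading 'www.' dropped; '' if none."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def text_host(text):
    """Host named in the visible link text, or '' if the text names none."""
    match = HOST_RE.search(text)
    return match.group(1).lower() if match else ""


def audit_anchors(html):
    """Return (reason, href, visible_text) findings for suspicious anchors."""
    parser = AnchorAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for anchor in parser.anchors:
        href_host = hostname(anchor["href"]) if anchor["href"] else ""
        shown_host = text_host(anchor["text"])
        # Trick 1: the text says www.bar.com but the href goes to www.foo.com
        if shown_host and href_host and shown_host != href_host:
            findings.append(("href/text host mismatch",
                             anchor["href"], anchor["text"].strip()))
        # Trick 2: a handler rewrites the status bar the browser would show
        for name, body in anchor["handlers"].items():
            if "window.status" in body.replace(" ", ""):
                findings.append(("status-bar override in " + name,
                                 anchor["href"], anchor["text"].strip()))
    return findings


# Constructed sample message body (not from the thread) exercising both tricks
# plus a nested anchor and one honest link.
SAMPLE_HTML = """
<p>Please verify your account:
<a href="http://www.foo.com/login"
   onMouseOver="window.status='http://www.bar.com/'; return true">http://www.bar.com/account</a>
</p>
<p><a href="http://www.foo.com/x"><a href="http://www.bar.com/">http://www.bar.com/</a></a></p>
<p>Unsubscribe: <a href="http://www.bar.com/unsubscribe">http://www.bar.com/unsubscribe</a></p>
"""

if __name__ == "__main__":
    for reason, href, text in audit_anchors(SAMPLE_HTML):
        print(f"{reason}: href={href!r} text={text!r}")
```

In a MIMEDefang `filter` this would run over the decoded `text/html` part and the findings would feed a score or a header, rather than a hard reject, since legitimate newsletters also use tracking redirects whose host differs from the displayed text.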