BEWARE - Spoofed Web Sites 5

Status
Not open for further replies.

TekTippy4U

Technical User
Jul 24, 2003
2,526
US
Just want to make everyone aware, who doesn't yet know, about this security vulnerability in IE and "maybe" also in some versions of Netscape and Mozilla (I've heard conflicting reports).

I can't think of anything more dangerous than handing over Personal Identification info (Credit Card #'s, Bank Accounts #'s, Passwords, etc) to a web-site being able to convince you, that you are "SECURE" ......
when you're not, 'cause you're not really at the site you think you're at......You're at a fake site!

[In];833786
(Copy and paste the above link in your browser address bar)

TT4U

Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
 
You mean like "auto-complete" right?..
If so, I think they're up to their old tricks again, as is spoken of at about halfway down the page..

I think we should let merjin know, to take that link off of there, since he says he uses mozilla et al..

I've got all my 'auto crap' set to off (in both IE properties> Advanced Tab and Content Tab areas) and I use tweakui to clear everything. I'm considering Mozilla, 'cause of this, and even a change in OS....

Here's two test sites to test your browser everyone!
and originally found by

Read; and follow "next Msg by Date"




TT4U

 
folks;
Just fixing my original post's broken link to MS
Doh!
[surprise]



TT4U

 
TekTippy,

This link you provided in your first post:

I went to that site, and as soon as I clicked on the test link, my McAfee went off with a virus detected. Actually, two of them. It allowed me to delete the viruses, but I figured I should put this information into this thread.

Do well unto others, else you will/should, not respect what you see in the mirror at the end of the day!
 
PcAbuser

Don't be ridiculous;
The site doesn't even try to send you cookies, or active X or crap like that

Whatever is going on with your McAfee, it's a false positive...

If this happens ANYWHERE you should quarantine them and send them to McAfee or whomever for further inspection.
Report it to someone who can investigate!
I Have no affiliation or control over any of these sites.
Do you have personal affiliation with the sites you Post??

BE Very Very Careful before you make Accusations!!!

TT4U

 
TekTippy4U,

Whoaa man, easy now.

I wasn't accusing you of anything.

I was merely reporting what had happened when I tried the link in your earlier post.

I know that you have no control over links to things on the internet, as I am NOT new to computing.

Also, I was incorrect, in that it was in your second post and not your first.

BUT I clicked on the second link in the same post, and it did the same thing. (two instances of a virus from McAfee)
I didn't keep the window for McAfee open any longer than necessary to delete them, because I am on a home lan with three computers and unhooked my network cable immediately.

I am currently running a COMPLETE scan of my drives to make sure the delete was successful.

I did catch something about it being a trojan of some sort in the short time the window was open.

Please don't misunderstand my previous post, as it was for informational purposes only. If it happened to me, it may happen to someone else.

If there is indeed a virus in that link, and not a false positive, and someone clicked it that doesn't have virus protection, then they could end up with big problems.

You may also be right about it being a false positive, but I prefer to not take the chance.


This was certainly NOT an attack on you personally.

I am sorry I didn't make myself better understood previously.

Regards,

Marlon

Do well unto others, else you will/should, not respect what you see in the mirror at the end of the day!
 
I had no such trouble with that site nor any of the others TekTippy4U posted.

It's surely a false positive or came from another site you may have had open.

BTW, I use OnTrack AV.

Skip
 
Thanx SkipCox for a third party opinion - we need more to -confirm/deny....and it's my understanding in a sit. like this that it'll(false positive) show up anywhere from 10-40%(?) of the time from diff users (past experience)

Well thanx Marlon for understanding that the last thing I would want is to have someone infected. It "IS" good that you've found a potential prob and have brought it to light.
After all, anything's possible.
(it was that last statement in your post, i guess that rubbed me the wrong way)

I've submitted info to TekTips Management for investigation.

I've emailed McAfee and Secunia's website in the hopes of tracking down the potential problem.



TT4U

 
That last "statement" in my posts is nothing more than my signature that goes into each and every post I make. I will put something in front of it, to make that more obvious.

Do well unto others, else you will/should, not respect what you see in the mirror at the end of the day!
 
OK Folks:
Here's the Reply from my e-mail to Secunia...

**********************************************************

Hi,

This is probably because we describe in detail how the
vulnerability works, and McAfee has probably implemented a detection pattern for the URL Spoofing vulnerability. Therefore, when visiting our website McAfee may wrongly detect our website as a virus.

I hope this answers your question.

Kind regards,
Jakob Balle, Secunia

***********************************************************

Original Message
On Sun, 2004-01-04 at 23:44,
I wrote:

After posting your site in a forum with the IE spoofing vulnerability info......users with McAfee
anti-virus software have complained/posted back that they have caught viruses trying to be downloaded from your site....What the heck is up with that..


I hope this clears that up....Thanks

TT4U

 
Hello ALL Again;
Another update...Here's what McAfee sent to me in Reply to my inquiry. I sent them the same e-mail as above...and this is what they had to say

*********************************************************

Dear Sir/Madam,

There is a detection because this site uses a link that tries to run the
spoofing for IE.

A test is available at:

The link above is detected as "Exploit-URLSpoof".

Regards,
V. Nguyen
Virus Research Analyst - Hong Kong
McAfee AVERT(tm) - Anti Virus Research

***********************************************************



TT4U

 
Ok, here's my position on it..lol
I run Norton's antivirus 2003, and it didn't pop up.
I did the test in IE6SP1, and it spoofed. So, IE is definitely infected. It's important to note, that in IE, the showed up in both the status bar, and then in the address bar after I clicked the link.

I ran it in Mozilla 1.6b (Beta version) In the status bar, it said however, when I clicked on the link, internet_explorer_address_bar_spoofing_test/ is what showed up in my address bar.. So, it's only partially affected (or they just haven't fixed the vulnerability in the status bar).
Patrick.
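
The McAfee reply earlier in the thread attributes the alert to a link pattern rather than to malware on the page. As an added illustration that is not part of any post in this thread, the sketch below flags that kind of link, assuming the spoof relies on hostname-looking text (optionally followed by an encoded control character) placed before the "@" of a URL; the function names and all sample URLs are constructed.

```javascript
// Added example (not from the thread): flag links whose userinfo part imitates a hostname.
// Every URL below is a constructed sample using reserved .example names and TEST-NET addresses.
const CONTROL_ESCAPE = /%(?:[01][0-9a-f]|7f)/i;   // percent-encoded control character
const HOST_LIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}/i; // text that reads like a DNS name

function classifyHref(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    // Relative or malformed link: there is no authority part to inspect.
    return { href, realHost: null, reasons: [] };
  }
  const reasons = [];
  // Everything before "@" is userinfo; the browser connects to url.hostname,
  // whatever the userinfo text looks like.
  const userinfo = url.username;
  if (CONTROL_ESCAPE.test(userinfo)) reasons.push("control-char-in-userinfo");
  if (HOST_LIKE.test(userinfo)) reasons.push("hostname-like-userinfo");
  return { href, realHost: url.hostname, reasons };
}

function scanHtml(html) {
  const findings = [];
  const hrefPattern = /href\s*=\s*["']([^"']+)["']/gi;
  for (const match of html.matchAll(hrefPattern)) {
    const result = classifyHref(match[1]);
    if (result.reasons.length > 0) findings.push(result);
  }
  return findings;
}

// Constructed sample page: two deceptive links, two ordinary ones.
const SAMPLE_HTML = `
<a href="http://www.bank.example%01@198.51.100.7/login">Sign in</a>
<a href="https://www.bank.example@phish.example/">Your account</a>
<a href="https://www.bank.example/login">Real login</a>
<a href="ftp://alice@files.example/pub">Files</a>
`;

for (const f of scanHtml(SAMPLE_HTML)) {
  console.log(`${f.realHost}  <-  ${f.href}  [${f.reasons.join(", ")}]`);
}
```

A scanner that matches on this pattern alerts on any page containing such a link, including a harmless test page, which is consistent with the "false positive" discussion above.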
 
Hey there PatD;
You seem fairly new here...Welcome to TekTips! [2thumbsup]
I see you trying to help a lot all around, which is good.
Just want to welcome you with a * for a helpful post in this thread, as it surely adds to the "tested" diff browser vulnerabilities.

TT4U

 
Thank you for the welcome and the star TechTippy4U.

I'm one of those people who will look for the answer until I find it, or am told to quit..lol And, I realize that I may not have the right answers, or the most accurate information, but hopefully I'm giving people another perspective to look at.

As in my own situation, I look at clean installing an OS to fix a problem as a last resort..lol So, if I can find something less drastic than that, I'm happy to help.

Patrick.
 
Sorry about that..LOL Sometimes, I click submit before I edit.. I mistakenly called you TechTippy4U, when it's TekTippy4U. [Blush]

Patrick.
 