Phishing Emails Exploit Browser Weaknesses
Most web browsers are supposed to protect people by implementing security zones. These zones apply different browser security settings depending on the location of the web page being viewed.

Phishing emails can lure users to a web site that hosts malicious code. These sites attempt to install spyware, malware or both onto the unsuspecting person’s computer. They rely on weaknesses in web browsers that allow harmful programs to be installed and executed on a computer. These browser vulnerabilities allow the zone settings to be overridden, even when the site is located in a security zone that is not trusted and normally would not allow those actions.

Here are a couple of weak spots, as identified by the CERT Coordination Center:

1. Outlook Express HTML protocol handler does not properly validate location of alternate data

This is a cross-domain vulnerability where a specially formatted URL invoking the InfoTech Storage (ITS) format protocol handlers could cause Internet Explorer to load an HTML document located within a Microsoft HTML Help (CHM) file. This HTML document would then be rendered in the Local Machine Zone. This HTML document could contain a script, ActiveX object, or IFRAME element to download and execute malicious code. We have observed this vulnerability used extensively in attempts to install malware.
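A mail gateway or triage script can flag HTML message bodies that reference the ITS protocol handlers described above. The following is an added example, not code from the original article or from CERT; the scheme list reflects the commonly documented ITS handler names, and the sample body, the attribute list and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# ITS protocol handler scheme prefixes (known handler names, not listed on the page).
ITS_SCHEMES = ("ms-its:", "ms-itss:", "its:", "mk:@msitstore:")
# Attributes that can make a mail client or browser fetch a URL (assumed list).
URL_ATTRS = {"href", "src", "data", "codebase", "action", "background"}

def normalize(url):
    """Conservatively canonicalize: percent-decode, drop whitespace and
    control characters, lowercase. May over-match, which suits a filter."""
    return re.sub(r"[\x00-\x20]+", "", unquote(url)).lower()

class _UrlCollector(HTMLParser):
    """Collects (tag, attribute, value) for URL-bearing attributes.
    HTMLParser already decodes character references in attribute values."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self.urls.append((tag, name, value))

def find_its_urls(html_body):
    """Return (tag, attribute, url) for every URL whose scheme is an ITS handler."""
    collector = _UrlCollector()
    collector.feed(html_body)
    collector.close()
    return [(tag, attr, url) for tag, attr, url in collector.urls
            if normalize(url).startswith(ITS_SCHEMES)]

# Constructed sample message body (not taken from a real phishing email).
SAMPLE_BODY = """
<html><body>
<a href="https://example.invalid/account">Verify your account</a>
<iframe src="MS-ITS:example.chm::/page.htm"></iframe>
<img src="m&#115;-its:example.chm::/page.htm">
<object data="mk:@MSITStore:example.chm::/page.htm"></object>
<a href="https://example.invalid/?q=its:about">benign query string</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, url in find_its_urls(SAMPLE_BODY):
        print(f"flag: <{tag} {attr}=...> uses ITS handler: {url}")
```

Matching on the normalized scheme prefix rather than a substring keeps ordinary links that merely contain "its:" in a query string from being flagged.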