Another serious security hole has been unearthed in
Microsoft’s Internet Explorer browser, which could lead to users
being tricked into thinking fake phishing sites are
genuine.
The error in the browser can be exploited to fake the address
bar in the user’s browser window, warned security monitoring
company Secunia.
This flaw could allow phishing scams to trick people into
believing they are on a legitimate site, when they are in fact
viewing a fraudulent web page.
When a user clicks on a web link in a phishing e-mail, they are
usually directed to a site that looks like the original, but which
has a different address in the address bar. The IE flaw helps to cover
up this difference.
An error in the way the IE browser loads web pages and
Macromedia Flash animations is the cause of the problem, said
Secunia.
Microsoft said it was studying the flaw, the fourth reported
flaw in IE in just over two weeks.
Both Secunia and Microsoft said they were so far not aware of
any phishing attacks that used the latest flaw.
Microsoft has confirmed it will be patching at least one of the
three previous serious flaws next Tuesday, as part of its monthly
patching cycle.