Phishing With Images Containing Hidden Code



Phishing with images containing hidden code

27 March 2009, 12:36

"Arbor Networks, which specialises in combating distributed denial of service (DDoS) attacks, reports on its blog that a named web site is actively exploiting Internet Explorer's MIME-sniffing problem to create phishing attacks. The perpetrators send email containing a supposedly harmless link that seemingly leads to a JPEG image, but the photo contains hidden HTML and JavaScript code that displays a fake eBay login page. While Firefox and Safari return an error message when loading the image, Internet Explorer executes the code.

The variety of ways in which a file's type can be determined is at the heart of the problem. Ever since version 4, Internet Explorer has been using MIME sniffing (also known as MIME type detection). IE does not automatically assume that a file taken from the web has the content type stated by the server in the HTTP header. Nor does it trust the file name extension or signature on their own. Instead, Internet Explorer also examines the first 256 bytes of the file in order to determine its type. If it finds HTML code there, it will run it.

This loophole can be exploited, not only for phishing attacks, but also for cross-site scripting attacks on sites that actually prevent the uploading of active content. More details on MIME sniffing, demos and tips for dealing with the problem are provided in the article Risky sniffing - MIME sniffing in Internet Explorer enables cross-site scripting attacks from The H Security. (DAB)"

(crve)

Heise security - http://www.h-online.com/security/Phishing-...e--/news/112945
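To show the 256-byte sniffing window the article describes from the defender's side, here is an added Python example (not from the Heise article or this forum post) that checks an upload the way a server-side filter could: it verifies the declared image type against the file's magic bytes, flags markup inside the first 256 bytes that a sniffer would act on, and builds the response headers that tell the browser to honour the declared type. The tag list and the sample blobs are assumptions constructed for the demonstration.

```python
import re

# Per the article, IE's sniffer inspects only the first 256 bytes of a response.
SNIFF_WINDOW = 256

# Markup a sniffer treats as evidence of HTML. IE's exact tag list is not on the
# page; this set is an assumption chosen for the demonstration.
HTML_MARKERS = re.compile(
    rb"<\s*(?:!doctype\s+html|html|head|body|script|iframe|meta|title|div|form)\b",
    re.IGNORECASE,
)

# Leading bytes (magic numbers) of the image types the upload handler accepts.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def looks_like_html(data: bytes) -> bool:
    """True if a sniffer reading the first 256 bytes would decide this is HTML."""
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None

def magic_matches(data: bytes, declared_type: str) -> bool:
    """True if the payload starts with the magic number of the declared type."""
    return any(data.startswith(m) for m in MAGIC.get(declared_type, ()))

def check_upload(data: bytes, declared_type: str) -> str:
    """Verdict for a file claimed to be an image:
    'mime_mismatch'  - bytes do not start with the declared type's magic number;
    'sniffable_html' - markup inside the sniff window, which IE would render
                       regardless of the Content-Type the server sends;
    'ok'             - header and sniff window both consistent with an image."""
    if not magic_matches(data, declared_type):
        return "mime_mismatch"
    if looks_like_html(data):
        return "sniffable_html"
    return "ok"

def hardened_headers(content_type: str) -> dict:
    """Headers for serving user-supplied files: X-Content-Type-Options: nosniff
    (honoured from IE8 on) tells the browser to trust the declared type."""
    return {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}

# Constructed samples (not from the article): a minimal JPEG header padded out,
# plain HTML claiming to be a JPEG, and a valid JPEG header carrying markup
# inside the sniff window.
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 300
FAKE_JPEG = b"<html><body>not an image</body></html>"
POLYGLOT_JPEG = b"\xff\xd8\xff\xe0" + b"<html><body>x</body></html>" + b"\x00" * 300
```

Note that markup placed beyond the 256-byte window is not flagged, mirroring the sniffer's own limit; a filter that wants to reject any embedded markup should scan the whole file instead.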
