    Oct 21
    12:02 pm (UTC-7)

    Another URL spoofing bug affecting at least two browsers has been discovered. It was first reported as a URL spoofing vulnerability in Internet Explorer. Subsequent discussions revealed that Firefox is also vulnerable.

    To create such a bug, start off with a simple link tag: <a href=""> </a>

    Then, within that tag, include an onClick() event. This event is triggered when the link is clicked. Use the onClick event to include JavaScript that redirects the browser to a web page of your choice.

    As you may have noticed, the redirection is done through JavaScript. The redirection script can be modified so that an attacker executes custom JavaScript of their choosing. For example, it could be leveraged to perform a cross-site scripting attack.

    And since this is a spoofing bug, it could be used for phishing or luring unsuspecting users into clicking malicious URLs.

    Workaround

    Disabling JavaScript support in your browser is an effective workaround for this spoofing bug.
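
One way to audit markup for the pattern described above, as an added example that is not from the original post: it flags links whose inline onclick navigates to a different host than the href displays. The function names, regular expressions and sample HTML are assumptions constructed for illustration, and the regex parsing is a simplification that does not see handlers attached from script.

```javascript
// Added example: static audit for links whose inline onclick navigates to a
// different host than the href shows. All names and sample HTML are constructed.

// Opening <a ...> tags (simplification: assumes no '>' inside attribute values).
const ANCHOR_RE = /<a\b([^>]*)>/gi;
// name="value", name='value' or unquoted name=value attributes.
const ATTR_RE = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
// Inline navigation with a literal target: location = '...', location.href = '...',
// location.assign/replace('...'), window.open('...').
const NAV_RE = /(?:location(?:\.href)?\s*=|location\.(?:assign|replace)\s*\(|window\.open\s*\()\s*['"]([^'"]+)['"]/i;

// Hostname of an absolute URL, or null for relative or unparsable values.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

function findSpoofedLinks(html) {
  const findings = [];
  for (const tag of html.matchAll(ANCHOR_RE)) {
    const attrs = {};
    for (const m of tag[1].matchAll(ATTR_RE)) {
      attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || '';
    }
    const nav = attrs.onclick ? NAV_RE.exec(attrs.onclick) : null;
    if (!nav) continue; // no handler, or no literal navigation target in it
    const shown = hostOf(attrs.href || ''); // host the link claims to go to
    const actual = hostOf(nav[1]);          // host the click handler goes to
    // A relative href (shown === null) paired with an absolute target also counts.
    if (actual && shown !== actual) {
      findings.push({ href: attrs.href || '', target: nav[1], shown, actual });
    }
  }
  return findings;
}

// Constructed sample modelled on the post's first demo link, plus benign links.
const SAMPLE_HTML = `
<a href="http://google.com" onclick="location.href='http://trendmicro.com'; return false;">http://google.com</a>
<a href="http://example.org/docs" onclick="window.open('http://example.org/help')">help</a>
<a href="http://example.org/">plain link</a>
<a href='/local' onclick='track()'>no navigation</a>
`;

console.log(findSpoofedLinks(SAMPLE_HTML));
```
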

    Demo

    Click on any of the URLs below for a demonstration. View the underlying source code to see how the URL spoofing works. And yes, all links are safe.


    Redirect to trendmicro.com, even though the URL says “http://google.com”


    Pop a message box



    Tested on:


    • IE 6, Windows XP SP2
    • Firefox v1.0.7, Windows XP SP2




