Filtered By: Scitech
SciTech

IE bug could blind users to phishing attacks


A bug in Microsoft's Internet Explorer could allow so-called "convincing" phishing attacks, a security researcher said.
 
Researcher Graham Cluley cited findings by researcher David Leo indicating the bug works on Internet Explorer 11 running Windows 7 or Windows 8.1.
 
"In Leo’s example exploit page, users running Internet Explorer are invited to click a link opening the Daily Mail website – which opens normally but after seven seconds is replaced with content reading “Hacked by Deusen,'" he said.
 
While the Daily Mail's website itself was not hacked, the content in the user’s browser was altered.
 
The convincing part of the attack is that the URL displayed in the address bar does not change during the attack.
 
Potentially, it said an attacker can "easily embed code (such as a fake login page) or run malicious code from an external page without the user being aware that anything suspicious has happened."
 
Citing a report on The Register, Cluley said the flaw has been reported to Microsoft. — Joel Locsin/TJD, GMA News