Network Computing is part of the Informa Tech Division of Informa PLC

Bug Spoofs Internet Explorer Addresses

Microsoft's Internet Explorer, already hit by a bug that hackers are currently using to infect PCs with spyware, suffers from yet another vulnerability, a researcher said Tuesday.

The bug affects how the browser loads Flash files, which use the ".swf" extension. Attackers can use a Flash file to spoof the address bar in IE and disguise the true URL of the site being viewed. Address bar spoofing is a long-standing phishing tactic used to mask a bogus URL.

(Oddly enough, recent research by a trio from Harvard and Berkeley shows that few surfers use the browser address bar to detect fake sites.)

Danish vulnerability tracker Secunia rated the IE spoof as "less critical," in part because the name of the Flash file appears in the browser window.

To protect against such a spoof, Secunia recommended that users disable IE's Active Scripting feature. Microsoft has given the same advice to deflect attacks exploiting the createTextRange vulnerability, which the Redmond, Wash. developer promised would be patched no later than April 11.