Updates
A compilation of the latest information about viruses and worms, security issues and patches to rectify the same
The smart re-direction attack
The RSA Anti-Fraud Command Centre has issued a warning about
a new phishing technique known as a Smart Redirection Attack (SRA). This type
of attack is designed to ensure that potential phishing victims always link
to a live Web site.
WORM_MINUSIA.A
EXPL_TXTRANGE.A
TROJ_MITGLIED.AI
JS_DLOADER.BXR
TROJ_SMALL.BNN
SYMBOS_COMWAR.E
JS_FLUMITA.A
TROJ_HEARSE.A
WORM_MYDOOM.BK
BKDR_PPDOOR.AS
(Period: March 21 to 26. Source: Trend Micro)
For an SRA, the fraudster creates a number of similar phishing
Web sites based at different locations. All of the e-mail received by consumers
contains links to Web sites which direct the victim to an IP address that hosts
the smart redirector. When the potential victim clicks on the link,
the redirector checks all related phishing Web sites, identifies
which sites are still live, and invisibly redirects the user to one of them.
Fraudsters are aware that once a user identifies a site as fraudulent and
reports its address, there's a good chance that someone
will shut it down. If the fraudster has used a single address for an entire
batch of e-mail, the entire mailing list directed to that site would be wasted.
However, sending the redirector address (hidden from the consumer) assures that
the victim will always reach a live site.
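For defenders, the practical consequence is that a report covering only the landing site leaves the redirector and the sibling sites untouched. The following added example (not from the original article or from RSA) scans web-proxy redirect records for an endpoint that hands clients the same path on several different hosts; the log format, the placeholder hostnames and the two-host threshold are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: timestamp, requested URL, status, Location header.
# Every host is a reserved documentation address or .example name.
SAMPLE_LOG = """\
2006-03-27T09:01:12 http://192.0.2.10/r.php?id=41 302 http://login.bank-a.example/secure/
2006-03-27T09:14:40 http://192.0.2.10/r.php?id=77 302 http://login.bank-b.example/secure/
2006-03-27T11:30:05 http://192.0.2.10/r.php?id=90 302 http://login.bank-c.example/secure/
2006-03-27T09:20:00 http://news.example/old 301 http://news.example/new
2006-03-27T10:02:00 http://short.example/a 302 http://shop.example/item/1
2006-03-27T10:05:00 http://short.example/a 302 http://shop.example/item/1
"""

def parse(log_text):
    """Yield (source URL, destination URL) for each well-formed 3xx record."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].startswith("3"):
            continue  # skip malformed lines and non-redirect responses
        yield urlsplit(parts[1]), urlsplit(parts[3])

def find_rotating_redirectors(log_text, min_hosts=2):
    """Map each suspicious redirector endpoint to the sorted list of hosts it
    sends clients to. An endpoint is suspicious when it redirects to the SAME
    path on at least min_hosts DIFFERENT hosts (look-alike sites)."""
    seen = defaultdict(lambda: defaultdict(set))  # endpoint -> dest path -> hosts
    for src, dest in parse(log_text):
        if dest.hostname == src.hostname:
            continue  # same-site redirect, not a hand-off to another site
        endpoint = f"{src.hostname}{src.path}"  # query string ignored on purpose
        seen[endpoint][dest.path].add(dest.hostname)
    findings = {}
    for endpoint, by_path in seen.items():
        hosts = set().union(*(h for h in by_path.values() if len(h) >= min_hosts))
        if hosts:
            findings[endpoint] = sorted(hosts)
    return findings

if __name__ == "__main__":
    for endpoint, hosts in find_rotating_redirectors(SAMPLE_LOG).items():
        print(f"report redirector {endpoint} together with: {', '.join(hosts)}")
```

Each finding lists the redirector and every destination observed behind it, so all of them can go into a single takedown report.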
Vulnerability in MS
A vulnerability in Microsoft Internet Explorer can be exploited to compromise
a user's system. According to Secunia Research, the vulnerability is caused
by an error in the processing of the createTextRange() method
call applied on a radio button control. This can be exploited to corrupt memory
in a way which allows the program flow to be redirected to the heap. Successful
exploitation allows execution of arbitrary code.