Scam Combines Patriot Act FUD With IE Bug

LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"

Still more fun with the PATRIOT act and MS bugs

[Mr.+Darl+McBride]

You can make your messages look like this to MS users: (PNG picture) and elicit fun responses like this, while your messages look normal to non-MS users.

This is a combination of using simple X- header lines for the top error part, as well as the "'begin'-then-two-spaces" bug, which lets you create a bogus MIME section that only MS mail readers fall for -- useful for suppressing the message part. The begin-with-two-spaces trigger makes an excellent quoted text header. :)

Perhaps it's still in "testing"

[Zocalo]

Where's an MS patch when we really need one?"

Apparently they are "still working on it", just like they have been for the last two scheduled patch releases they've had. Unfortunately, the scammers and phishers are "still working on it" as well. And yet despite this, Microsoft still spouts such choice quotes about its software security as "The tool had to to be tested before we could put it on Windows Update... it would be unfair to accuse Microsoft of tardiness." (about a five month wait for an official Blaster clean-up tool) and "Windows is far more commonly afflicted with worm infections than Linux... but Microsoft offers greater accountability and support than open source alternatives".

Well, I'll agreee with one of those points. Can you guess which? ;)

Re:Solution

[jfengel]

Does it solve the problem? (I'm genuinely asking; I don't have a Mac around to test it.)

The problem is that IE (and Firebird, and Mozilla) all display the URL as typed, including user name and password information. So if you type http://www.slashdot.org:foo@www.whitehouse.gov/ you get directed to a nasty site, even though the URL appears to say www.slashdot.org.

(I don't seem to be able to reproduce the link exactly here; I think Slashdot may be removing the user name and password info.)

The solution seems fairly simple; remove user name and password information from the displayed URL. But that's not necessarily the Right Thing, displaying a different URL than you clicked. I don't consider the problem a "bug" in the same sense that buffer overflows are a bug.

Clearly it's a problem; I am a professional programmer and wasn't aware of this until it was pointed out to me.

If Safari has a solution, I'd like to know it. Mac developers are pretty good about doing The Right Thing.

security in windows

[plams]

many roads lead to a safer internet expirience. mozilla, firewalls, scriptblockers.. however, the method i've found most effective is what i call "security through some old piece of crap". my mIRC client says "copyright 1995-1998", and when I asked 50+ nerds on a channel to try and DoS me, nobody could find a crack old enough! so the lesson is: don't wait for the new patch. revert to a version before the bug was even introduced.

Virus Scanners can pick it up

[Controlio]

I don't know about the rest of you, but I clicked on a funny link from a prior Slashdot thread that had an intentionally altered URL. The big shocker was, IE parsed it like it was no big deal, but my virus scanner picked up the malicious code. It warned me that the URL was modified by a bug in Internet Explorer, and allowed me to continue or back out.

I always swore by Norton, but from the things I've seen as of late, I think I'm sticking with Network Associates.