Slashdot Mirror


Scam Combines Patriot Act FUD With IE Bug

LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"

3 of 447 comments

  1. Still more fun with the PATRIOT act and MS bugs by Mr. Darl McBride · Score: 5, Interesting
    You can make your messages look like this to MS users: (PNG picture) and elicit fun responses like this, while your messages look normal to non-MS users.

    This is a combination of using simple X- header lines for the top error part, as well as the "'begin'-then-two-spaces" bug, which lets you create a bogus MIME section that only MS mail readers fall for -- useful for suppressing the message part. The begin-with-two-spaces trigger makes an excellent quoted text header. :)
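An added example, not part of the comment above or of any poster's message: a mail-filter check for the "begin"-then-two-spaces trigger the comment describes, run on decoded text parts so that a quoted-printable-encoded trigger is not missed by a raw-text search. The function name, the case-sensitive column-0 match and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Trigger as described in the comment: a line that starts with "begin" and two spaces.
# Assumption: matched case-sensitively at column 0 of a decoded body line.
TRIGGER = re.compile(r"^begin  ")

def find_begin_triggers(raw_message):
    """Return (part_index, line_number, line) for every trigger line in text parts."""
    msg = message_from_string(raw_message)
    hits = []
    for idx, part in enumerate(msg.walk()):
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        # decode=True undoes quoted-printable/base64, so an encoded trigger
        # ("begin=20=20") is seen the way a mail reader would see it.
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            body = payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label
            body = payload.decode("latin-1")
        for lineno, line in enumerate(body.splitlines(), start=1):
            if TRIGGER.match(line):
                hits.append((idx, lineno, line))
    return hits

# Constructed sample messages (not taken from the page).
SAMPLE_QP = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "Hello,\n"
    "begin=20=20quoted text from a colleague\n"
    "Text after the trigger line.\n"
)
SAMPLE_CLEAN = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "We begin  the review on Monday.\n"
    "beginning of the notes\n"
    "begin 644 notes.txt\n"
)

if __name__ == "__main__":
    for name, raw in (("qp", SAMPLE_QP), ("clean", SAMPLE_CLEAN)):
        print(name, find_begin_triggers(raw))
```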

  2. Perhaps it's still in "testing" by Zocalo · Score: 4, Interesting
    "Where's an MS patch when we really need one?"

    Apparently they are "still working on it", just like they have been for the last two scheduled patch releases they've had. Unfortunately, the scammers and phishers are "still working on it" as well. And yet despite this, Microsoft still spouts such choice quotes about its software security as "The tool had to be tested before we could put it on Windows Update... it would be unfair to accuse Microsoft of tardiness." (about a five month wait for an official Blaster clean-up tool) and "Windows is far more commonly afflicted with worm infections than Linux... but Microsoft offers greater accountability and support than open source alternatives".

    Well, I'll agree with one of those points. Can you guess which? ;)

    --
    UNIX? They're not even circumcised! Savages!

  3. Virus Scanners can pick it up by Controlio · Score: 4, Interesting
    I don't know about the rest of you, but I clicked on a funny link from a prior Slashdot thread that had an intentionally altered URL. The big shocker was, IE parsed it like it was no big deal, but my virus scanner picked up the malicious code. It warned me that the URL was modified by a bug in Internet Explorer, and allowed me to continue or back out.

    I always swore by Norton, but from the things I've seen as of late, I think I'm sticking with Network Associates.