Alias:
Category: HTML
Type: Other
Published Date: 2/18/2004
Last Modified: 2/18/2004
CHARACTERISTICS
The HTML.Phishbank family includes HTML web pages and e-mail messages that attempt to lure people to "phishing" pages, using long URLs intended to obscure the page's true location.
The general purpose of these obscured URLs is to aid in creating a believable forgery of a real web page, for example an Internet banking page. The forged page can then entice users to enter confidential information, which can be captured by the forger. This process is often called "phishing".
The common method for obfuscating the true URL involves placing a username and password in the URL, using the following syntax:
http(s)://username:password@server/resource.ext
In this way, a "phisher" may use the username portion to make a URL appear to point to one location, when it actually refers to somewhere else. For more information on this URL syntax, its use and misuse, please see Microsoft Knowledge Base Article 834489
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
The above article also contains a security update from Microsoft that addresses this issue by removing support for URLs with the aforementioned syntax.
Analysis by Hamish O'Dea
http://www3.ca.com/virusinfo/virus.aspx?ID=38328

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic