Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

HTML.Phishbank.A

Feb 18, 2004 2:44PM PST

Alias:
Category: HTML
Type: Other
Published Date: 2/18/2004
Last Modified: 2/18/2004

CHARACTERISTICS
The HTML.Phishbank family includes HTML web pages and e-mail messages that attempt to lure people to "phishing" pages, using long URLs intended to obscure the page's true location.

The general purpose of these obscured URLs is to aid in creating a believable forgery of a real web page, for example an Internet banking page. The forged page can then entice users to enter confidential information, which can be captured by the forger. This process is often called "phishing".

The common method for obfuscating the true URL involves placing a username and password in the URL, using the following syntax:

http(s)://username:password@server/resource.ext

In this way, a "phisher" may use the username portion to make a URL appear to point to one location, when it actually refers to somewhere else. For more information on this URL syntax, its use and misuse, please see Microsoft Knowledge Base Article 834489

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

The above article also contains a security update from Microsoft that addresses this issue by removing support for URLs with the aforementioned syntax.

Analysis by Hamish O'Dea
http://www3.ca.com/virusinfo/virus.aspx?ID=38328

Discussion is locked