
HTML.URLSpoof

Feb 18, 2004 2:36PM PST

Alias: Exploit-URLSpoof.gen (McAfee), HTML.URLSpoof.A, HTML/URLSpoof.1156.Trojan, JS.URLSpoof
Category: HTML, Java Script
Type: Other, Trojan
Published Date: 2/18/2004
Last Modified: 2/18/2004

CHARACTERISTICS
The URLSpoof family includes HTML web pages and e-mail messages that exploit a vulnerability in the way Internet Explorer displays some malformed URLs. It is often used to aid in stealing personal information such as Internet banking passwords.

More information on this issue (the "Improper URL Canonicalization Vulnerability") can be found in Microsoft Security Bulletin MS04-004:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp

The patch provided by Microsoft removes support for URLs with usernames and passwords in this format:

http(s)://username:password@server/resource.ext

For more information on this URL syntax, its use and misuse, please see Microsoft Knowledge Base Article 834489:

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

Read more: http://www3.ca.com/virusinfo/virus.aspx?ID=38326
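
As an added example (not part of the original post or the vendor advisory): a Python check that a mail or web filter could run over HTML to flag links using the `username:password@server` syntax described above, and to report the host the browser would actually contact. The sample HTML, the hostnames and the names `LinkCollector` and `userinfo_findings` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample input: two links with a userinfo part, two without.
SAMPLE_HTML = """
<p><a href="http://www.example-bank.test@198.51.100.7/login.htm">verify your account</a></p>
<p><a href="https://alice:secret@intranet.example/report.ext">report</a></p>
<p><a href="http://www.example.com/contact@example.com">contact</a></p>
<p><a href="mailto:help@example.com">mail</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes (href, src, action) from HTML."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value.strip())

def userinfo_findings(html_text):
    """Return one finding per http(s) URL whose authority contains userinfo."""
    collector = LinkCollector()
    collector.feed(html_text)
    findings = []
    for url in collector.urls:
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # unparseable authority; handle separately if needed
        # Only an '@' inside the authority counts, not one in the path or query.
        if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
            continue
        userinfo = parts.netloc.rpartition("@")[0]
        findings.append({
            "url": url,
            "userinfo": userinfo,
            "real_host": parts.hostname,  # everything after the last '@'
            # A dotted "username" reads like a hostname to the person clicking.
            "userinfo_looks_like_host": "." in userinfo.split(":", 1)[0],
        })
    return findings

if __name__ == "__main__":
    for finding in userinfo_findings(SAMPLE_HTML):
        print(finding)
```
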
