The perpetrators of the exploit lure unsuspecting Australian users to the malicious Web site by widely distributing spam emails -- purporting to be from one of the Big Four local banks -- containing what appears to be a legitimate link to the bank's Internet banking site. The IE vulnerability, however, has allowed the fraudsters to spoof the URL of the bank's legitimate Web site by manipulating the information displayed in the status bar using an embedded form. The "from:" field of the emails include what is likely to be a valid email address for the bank they purport to be from. Those who click on the link are directed to a Web site, however, which automatically executes a malicious key logger program on their computer. The user is then automatically directed to the bank's real Internet banking Web site. The program then captures log-in details when the user logs in to the real site and sends those back to the fraudsters via an email sent via an anonymous mail server based in Russia.
AusCERT senior security analyst Jamie Gillespie said the use of URL obfuscation and exploit to install a program went beyond previous phishing scam moves to fool users into entering data into a fake Web site.
"[These exploits allow the perpetrators to] capture details when the user enters a true Web banking site," he said.
The body copy of the malicious email reads as following:
Dear user!
We are informing you that today, the amount of $XXX AUD has been drawn out of your account.
Technical assistance of YYY Bank.
http://www.ZZZ.com.au
AusCERT said initially in its advisory that it was unaware of any patch being released by Microsoft to deal with the IE vulnerability. Microsoft Australia, however, late in the day released a statement saying it had identified the vulnerability in December last year and released a patch. Gillespie nonetheless warned that AusCERT believed that a large number of home users may not be patched and would still be vulnerable.
For more coverage on ZDNet Australia, click here.
Talkback
I have a Mac, and manage to avoid, or harmlessly receive 95% of viruses. I really do not understand why you PC users put up with it. Get a BMW and leave the Holden behind.
A virus/worm written for windows didn't effect your Mac will no sh!t Sherlock.
Every time a new windows worm/virus is released on the world, we have smug mac/linux users, smiling happily to themselves and yelling about how it’s not effecting them. But the point I'd make is this: do virus/worm writers target windows boxes because (a) they are the least secure or (b) because 95% of boxes connected to the internet are owned by non-techie John Doe and running a Microsoft OS? I wonder how many virus/worms we'd see if linux/mac boxes ruled the roost, just the same amount I'd bet. I’m not suggesting that Windows is a wonderful OS it isn’t, but the others have their faults to. Equating Mac owners to BMW drivers, now thats a bit nasty to the Mac owners.