Phishing e-mails exploit recently patched IE vulnerability

AusCERT warns that the Web sites attempt to run executable Javascript code and use a number of different security holes in Internet Explorer. One site was found to exploit the JS.Dragdrop vulnerability, which was patched by Microsoft just one week ago in security bulletin MS04-038.

According to AusCERT, users ought to be wary of e-mails that purport to be an online greeting card with the subject line -A Thinking Of You Card for you". Another e-mail pretends to confirm an order for a television set from -www.tvshop.com.au".

The advisory explains that victim's computers could become infected with a Trojan horse that captures keystrokes when the user visits certain financial Web sites. In addition the Trojan installs malicious programs that allow hackers to gain full control of the infected PC.

Foad Fadaghi, senior industry analyst at Frost & Sullivan said he is not surprised that phishers have targeted Web shoppers in this way and expects a surge of similar malicious e-mails in the run-up to Christmas.

"You will see an increase in this kind of activity around the holiday shopping season and they will probably move into other categories as well -- like toys and clothes," Fadaghi said.

Last Tuesday the Anti-Phishing Working Group warned that the number of phishing Web sites has been increasing by 50 percent each month and fraudsters had started using more sophisticated techniques to fool Internet users into revealing personal information.

The APWG said it has noticed an increase in the number of generic e-commerce Web sites where victims believed they were ordering products or services from an "independent" reseller.

According to AusCERT, the phishers have imported these techniques to Australia.