Jan Širmer

8 August 2011

Four browser nets and one phish

Go to comments Leave a comment

Not all browser nets can catch the same phish. One Friday evening, just before I wanted to go home, I received an interesting email.

It contained sentences like " We recently reviewed your account, and suspect that your PayPal account
may have been accessed by an unauthorized third party" and words like "protected", "security" and "unauthorized". Of course, at the end of the email, there were directions to click on a "Paypal" link to update information like login name and password.

Of course, everyone knows about phishing these days. What was really interesting were the clever ways they wrote the code to make the link to their phishing site more discreet. So I decide to see what major browsers such as Microsoft Internet Explorer, Google Chrome, Opera, Mozilla Firefox, and Apple's Safari would do if I tried to click through. I used their code, just substituting avast.com for the malicious malware site.

I started out with Internet Explorer, version 8.0.6001.18702. This pleasantly surprised me as it blocked my attempt to click on this link.

The second browser tested was Google Chrome, version 13.0.782.107. When I moved the mouse over the link, it showed me that the link goes to avast.com

But when I clicked on the link, it directly took me to the avast.com site without a warning.

Opera, the third tested browser, behaved similarly to Google Chrome. When hovering over the link, it indicated that something was suspicious, but after clicking, I was redirected without any warning.

The fourth browser was Mozilla Firefox. With the older version 3.6.18, you need really good eyes to see that there is something wrong.

In the latest version 5.0.1, you can find that developers have focused on this problem.



But, the results were same in both cases if i tried to click on the suspect link.

 

The last browser tested, but not the least, was Apple's Safari. When i clicked on link, it showed me a huge warning that the link could be used for phishing.

The moral of the story is this: There are a lot of smart phish in the ocean - and they are getting better at looking more legitimate. And, in at least this single case, there was a wide difference between individual browser's ability to identify suspect code and warn users about potential problems. Security against these attempts still remains the responsibility of the individual computer user.

 

Virus Lab, lab, phishing, Analyses, Internet Explorer, google chrome, browser, Opera, Firefox