Users who have downloaded Windows XP Service Pack 2 are protected, but other users of Internet Explorer 5.5 and 6 need to install the patch to be protected. A separate but similar address bar spoofing flaw exists only in computers using double-byte character sets, usually found in Asian versions of Windows, and is also addressed in the MS04-038 patch.
The SSL flaw, discovered by Mitja Kolsek of ACROS Security, exploits a weakness in the Internet Explorer cache, which stores web pages on a computer’s hard drive. The exploit, described in an analysis by ACROS, requires a combination of advanced techniques to succeed, including a “man in the middle” strategy that redirects the user via bogus DNS responses. While most phishing scams settle for less ambitious approaches, the SSL spoofing flaw could add an air of legitimacy to scams mounted by sophisticated attackers.
Netcraft has developed a service to help banks and other financial organizations identify sites that may be attempting fraud, identity theft or phishing attacks by impersonating the bank, or that imply a relationship with the bank where none exists.