New IE Flaw May Help Phishers

A newly reported security problem in Microsoft's Internet Explorer Web browser allows attackers to create a fake Web site that looks exactly like a genuine site.

The vulnerability lets an attacker display any Web site while the address bar in IE will display a trusted Web address and even show the icon indicating SSL (Secure Socket Layer) security, security researchers warn.
The issue could result in more sophisticated phishing scams, a prevalent type of online attack that typically combines spam e-mail messages and Web pages that look like legitimate e-commerce sites to steal sensitive information such as user names, passwords, and credit card numbers.
The problem was discovered by a security researcher from the Greyhats Security Group and reported last week by Danish security company Secunia. The vulnerability lies in an ActiveX control in IE and has been found to affect version 6.0 of the browser running on Windows XP (news - web sites) with Service Pack 2 and earlier versions, according to a Secunia advisory.

[more..]