IE7 Redirected 1.2 Million Phishing Attacks in 2 Weeks

There is an open and public face-off between Mozilla Firefox 2.0 and Microsoft Internet Explorer 7 and the situation has also been emphasized by a comparison of the anti-phishing technologies introduced in the two browsers. Both Mozilla and Microsoft contracted anti-phishing performance tests and each browser came on top of the other in their respective effectiveness studies.

Additionally, Microsoft, through the voice of Rob Franco, IE Lead Program Manager put forward the figure of 1.2 million for the total phishing redirections made by Internet Explorer 7. The phishing redirections correspond to the time from the final launch of IE7 on October 18 and until November 3, 2006. The 1.2 million number of phishing redirections mirrors a limited deployment of Internet explorer 7 that is not even near as spread as IE6, Microsoft planning to deliver IE7 via AU at a pace of 1 million updates(1 percent of English-language IE6 users) per day for the next three months.

The Internet Explorer 7 Popup Address Bar Spoofing Vulnerability reported by Secunia works in correlation with the focus automatically moving to the address bar of a newly opened window.

"In the spoof scenario, as soon as you click inside the page, the address bar scrolls back to the left jarringly and shows the real address of the page. That means that this spoof requires that the user have their guard down. I spoke with the team about this bug and they are upset that it got through the process but it also highlights how much every browser still depends on users to inspect URLs that could be misleading or convoluted."

While Microsoft is working on developing a fix for the spoofing bar vulnerability, IE's Phishing filter is a viable line of defense. "The Phishing Filter team reports they had navigated customers away from over 1.2 M phishing sites as of 11/3," concluded Franco.