False positives about URL-Spoof leak

  • Thread starter Thread starter Gabriela Salvisberg
  • Start date Start date
G

Gabriela Salvisberg

Recently we've read again about the URL-Spoof leak in Microsoft
Internet Explorer (http://support.microsoft.com/?kbid=834489).

Now some AV company is keen in detecting anything that may look like
this exploit, wherever they find it.

So don't be surprised, if your virus scanner pops up with an URL-Spoof
alert, while you are just reading any web news message which tries to
explain the exploit just by quoting (but not linking to) an example
like this one:
"IE probably wont show the real address, if the URL is built like
http://www.gooddomain.inv@www.evilhacker.inv"

Yesterday we got e-mails from some customers, who were worried about
URL-Spoof alerts while they were reading some IT news web pages.
Unfortunately they didn't tell us which AV software they are using. So
I can only do a guess: It was not Kaspersky (I'm using it at home and
it doesn't alert on quoted examples like these). And it was not Sophos
(we're using it at the office; and it doesn't alert on this either).
I'm quite sure it was Norton.

Gabriela
 
I said:
Recently we've read again about the URL-Spoof leak in Microsoft
Internet Explorer (http://support.microsoft.com/?kbid=834489).
Now some AV company is keen in detecting anything that may look like
this exploit, wherever they find it. [sniped]
I'm quite sure it was Norton.
Click to expand...

Now I've verified with one of our customers: It wasn't Norton, but
McAfee.

Gabriela
 
Back
Top