Firefox, Opera allow crooks to hide an entire phish site in a link
By John Leyden
Posted in Malware, 3rd September 2012 15:52 GMT
A shortcoming in browsers including Firefox and Opera allows crooks to easily hide an entire malicious web page in a clickable link – ideal for fooling victims into handing over passwords and other sensitive info.
Instead, the malicious web pages can be stored in data URIs – uniform resource identifiers, not to be confused with URLs – which stuff the web code into a handy string that when clicked on, instructs the browser to unpack the payload and present it as a page.
It negates the need to find somewhere to secrete your malicious page, and once shortened using a service such as TinyURL, the URI can be reduced to a small URL perfect for passing around social networks, online chats and email. Crooks would still need to set up a server to receive data from victims, however.
Google’s Chrome browser blocks redirection to data URIs, and other browsers have limits on the volume of data that can be packed into URIs. Klevjer created a 26KB attack page that failed to load in Internet Explorer, but worked on both Firefox and Opera.