New phishing security flaw discovered in IE 7

Security experts have discovered a deadly weakness in Internet Explorer 7 that could be exploited by hackers to bypass the browser 's anti - phishing features.

Security vendor Secunia said IE 7 allows a website to display a pop-up window containing a very sophisticated fake link. Hackers can take advantage of this security flaw to trick Internet users into accessing a malicious website that they still seem to be accessing a trusted website.

Not only discovered, Secunia also created a practical example to demonstrate the above security error. In this example, the pop-up window still displays Microsoft's official website address, but the content is a separate site of Secunia.

The Microsoft representative said the root of the security flaw is in the way that IE 7 shows the web address in the Address bar. The pop-up window normally blocks the left part of the web address, if you click on the browser window or the Address bar, the actual address will appear.

However, the attacks through taking advantage of this security flaw will not be successful if the web site breaks out as a phishing site that has been blacklisted, Microsoft said. IE's anti-phishing feature will identify websites and warn users.

Currently, Microsoft has not recorded any attacks by taking advantage of the security error mentioned above.

Security firm Secunia only classified this security error as 'less critical'. However, this is still considered the first security bug in Microsoft's new browser.

Microsoft will continue to investigate more about web address spoofing security flaws in IE 7 and will fix it as soon as possible.

Hoang Dung