Notes: COELACANTH: Phreak Phishing Expedition

["http-equiv () excite com" <1 () malware com>]

Let me add some notes to this:

1. Placing microsoft.com in the so-called 'trusted zone', will 
render the site contents of e-gold.com in the 'trusted zone'

2. Opera fails, Mozilla functions

3. While it may appear to be related to the html form, the same 
can be achieved with a normal href or normal submit type html 
form:

<a href="http://www.malware.com%2F redir=www.e-gold.com">test</a>

4. %2F may not be an actual requirement as that might only be 
site specific

5. So far no other server or domain other than e-gold on IIS 4 
found [at least from here]

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

 
-- 
http://www.malware.com