Danish security firm Secunia has uncovered a flaw in Internet Explorer that could be used by e-mail phishing fraudsters to create more convincing spoof Web sites.
Criminals can exploit the vulnerability to display any URL they wish in the address and status bars of IE, in place of the real address of the page. By obscuring the fake Web address in this way, the scammers can effectively trick e-mail recipients into thinking they're visiting a legitimate banking Web site, rather than a virtual facade erected to capture user security details.
Secunia says the flaw has been confirmed in IE 6.0 and possibly older versions. Outlook Express 6.0 and Mozilla Firebird 0.7 are also thought to be at risk.
Microsoft says it is investigating the bug and may issue a patch to remedy the defect. The company has objected to Secunia's public disclosure of the vulnerability, which may put unprotected computer users at risk.