>From the original discover, 'bitlance winter' one big fat coelacanth: <a href="http://www.malware.com%2F redir=www.e-gold.com">test</a> "i guess that this issue is not e-gold's BUG, IE6 and Opera7.51 is vulnerable. Some server's DNS allow magic number subdomainname. the server allow , www.site.tld wwwww.site.tld wwwwwwwwwwww.site.tld www www.site.tld wwwURLEncodecharcterswww.site.tld when the server allows URLEncodecharacters evil attackers can fake victim users who use Opera and IE . the attacker will make their DNS *.evilsite.tld IN A 333.333.333.333 using this DNS, victim's IE can shows victim http://w.evilsite.tld http://wwwwwwwwwwwwwwwwwww.evilsite.tld and then, attacker makes an evil link as http://www.microsoft.com [malicious falke char$] evilsite.tld and then, attacker set tricks Bugtraq: Stupid Phishing Tricks (you find it) victim user will input his userID and password. I guess many server's DNS allow *.evilsite.tld IN A 333.333.333.333 because they use magicnumber SSL cert. Attacker can use this method." -- http://www.malware.com
