x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

URLSpoof

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:URLSpoof
Technical name:Exploit/URLSpoof
Threat level:Low
Type:Hacking Tool
Effects:  It allows to craft a web link that displays a web address on the Address bar while accessing other.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Jan. 13, 2004
Detection updated on:June 8, 2005
StatisticsNo

Brief Description 

    

URLSpoof is code written in the HTML language, which is included in the body of a message or of a web page in order to exploit a vulnerability in the browser Internet Explorer.

This vulnerability allows to craft a web link in such a way that, if it is clicked, Internet Explorer displays a web address in the Address bar, but accesses a different one. Moreover, if the user hovers the mouse pointer over the crafted hyperlink, the Status bar in Internet Explorer displays the legitimate web address, making the user believe that it would be the web page accessed if the link is clicked.

URLSpoof can be massively sent via email in messages with HTML format, or it can be hosted in web pages. These messages or web pages contain hyperlinks that would supposedly access websites that handle critical information, such as electronic banking sites.

In fact, the website displayed on the browser is a fraudulent copy, and third parties could access and use the confidential information entered by the affected user.

If your computer has Internet Explorer v5.01 or later, it is highly recommendable to download the security patch from Microsoft's website. Access the web page for downloading the patch.