Sounds like you can score one for McAfee. :)

They have more information about "Exploit-IEPageSpoof" here:
http://us.mcafee.com/virusInfo/defau...virus_k=130508

The McAfee page has a link to the US Department of Homeland Security's US-CERT
site that gives more info:
<A HREF ="http://www.kb.cert.org/vuls/id/356600">http://www.kb.cert.org/vuls/id/356600</A>

The actual xss vulnerability is actually relatively low risk. But when it is
combined with a phishing attempt, it is nearly impossible to tell that the
site you're taken to is not the real thing.

HTH
Tom

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of GM
> Sent: Saturday, January 15, 2005 10:51 PM
> To: Tom; [email protected]; [email protected]
> Subject: Re: [mru] Dangerous IE6 vulnerability - not yet patched
>
>
> Tom,
> I click on the test link and immediately my McAffee pops up a warning
> message & states that is a Trojan virus type and ask me to Delete which I
> did???
> Thank you,
> Mario
>
> ----- Original Message -----
> From: "Tom" <[email protected]>
> To: <[email protected]>; <[email protected]>
> Sent: Saturday, January 15, 2005 5:26 PM
> Subject: [mru] Dangerous IE6 vulnerability - not yet patched
>
>
> > If you use IE6, swing by this site and see just how bad this one is. It
> can be
> > used for phishing and is VERY effective:
> >
> > http://secunia.com/advisories/13482/
> >
> > Be sure to run the test on that page if you are unconvinced.
> >
> > HTH
> > Tom
> >
> >