Spoofed URL

A Spoofed URL describes one website that poses as another. It sometimes applies a mechanism that exploits bugs in web browser technology, allowing a malicious computer attack. Such attacks are most effective against computers that lack recent security patches. Others are designed for the purpose of a parody.

During such an attack, a computer user innocently visits a web site and sees a familiar URL in the address bar such as http://www.wikipedia.org but is, in reality, sending information to an entirely different location that would typically be monitored by an information thief. When sensitive information is requested by a fraudulent website, it is called phishing.

The user is typically enticed to the false website from an email or a hyperlink from another website.

In another variation, a website may look like the original, but is in fact a parody of it. These are mostly harmless, and are more noticeably different from the original, as they usually do not exploit bugs in web browser technology.

This can also take place in a hosts file. It can redirect a site(s) to another IP, which could be a spoofed website.

See also

• Computer insecurity
• Hosts File
• IDN homograph attack
• Spoofing attack
• Social engineering (computer security)

External links

• Secunia security describes Microsoft Internet Explorer URL spoofing vulnerability 2003
• Microsoft Knowledge Base Article 833786 - Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks.