Also known as MIME Sniffing, this is a feature or bug in IE which is the only browser able to dynamically determine the content type of the document it loads. So, in this case, it detects a plain text document with HTML content instead of a an JPG header.
And the content of the “JPG” file which is text/html:
The URL was reported to Phishtank and CleanMX.
The users of Avira Professional and Avira Premium Security Suite are protected if they use the latest Webguard signatures.
© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch
The source:
http://asert.arbornetworks.com/2009/03/mime-sniffing-and-phishing/
Here in English:
http://www.h-online.com/security/Phishing-with-images-containing-hidden-code–/news/112945
Here in German:
http://www.heise.de/security/Phishing-mit-Code-in-Bildern–/news/meldung/135321
And the details with tests here:
http://www.heise.de/security/Risiko-durch-MIME-Sniffing-im-Internet-Explorer–/artikel/122187