Arbor Networks warns on MIME sniffing-based phishing attacks

30 March 2009

Hiding data within digital pictures - known as steganography in security circles - has been known about for years, but now it appears the darkware community have taken the technology concept one step further and are hiding HTML and Java code calls within images when sending out phishing emails.

According to Arbor Networks, the DDoS security specialist, a new type of phishing attack that includes images with hidden HTML and JavaScript calls in them has started appearing.

The code calls appear to exploit a problem with Internet Explorer's MIME (Multipurpose Internet Mail Extensions) security and trigger a fake eBay login page.

The page call normally generates an error message on Mozilla Firefox and Apple Safari web browsers, but Internet Explorer, says Arbor, appears to execute the code normally.

Infosecurity notes that the problem stems from the way that Internet Explorer 4 and above detects a MIME call.

Whilst accessing a file from the MIME call, Internet Explorer automatically checks the type of content and, under certain circumstances, ignores the file name extension or content type stated in the MIME call.

Because Internet Explorer 4 and above interrogates the first 256 bytes of the called file, the ‘image’ can contain HTML jumps and/or JavaScript calls, which Internet Explorer then acts upon.

This technique has been used for cross-site scripting attacks in the past but Infosecurity notes this appears to be the first time it has been used in a phishing email.
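The check below is an added example, not code from Arbor Networks or Infosecurity: a mail gateway or upload filter can look at the same 256-byte window the article describes and flag content declared as an image that carries markup there. The marker list, function name and sample byte strings are assumptions constructed for illustration, not Internet Explorer's actual sniffing rules.

```python
import re

SNIFF_WINDOW = 256  # bytes the article says Internet Explorer inspects

# Illustrative markup markers (an assumption, not Internet Explorer's own list).
HTML_MARKERS = re.compile(
    rb"<\s*(html|head|body|script|title|iframe|img|a\s+href|meta|table)\b"
    rb"|javascript:",
    re.IGNORECASE,
)

# Leading magic bytes for the image types this check understands.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}


def inspect_image(declared_type, data):
    """Return findings for content that is declared to be an image."""
    findings = []
    head = data[:SNIFF_WINDOW]
    magics = IMAGE_MAGIC.get(declared_type.lower())
    if magics is None:
        findings.append("unsupported-declared-type")
    elif not head.startswith(magics):
        # Declared type and leading bytes disagree.
        findings.append("magic-mismatch")
    if HTML_MARKERS.search(head):
        # Markup where a sniffing browser would look for it.
        findings.append("markup-in-sniff-window")
    return findings


# Constructed samples (placeholders, not captured from any real campaign).
GIF_HEADER = b"GIF89a\x01\x00\x01\x00\x00\x00\x00"
CLEAN_GIF = GIF_HEADER + b"\x00" * 300
POLYGLOT_GIF = GIF_HEADER + b"<script>/* constructed placeholder */</script>"
HTML_AS_JPEG = b"<html><body>constructed sample</body></html>"
# Markup beyond the window is not reported by this particular check.
LATE_MARKUP = b"GIF89a" + b"\x00" * 300 + b"<script>"

if __name__ == "__main__":
    for name, ctype, blob in [
        ("clean.gif", "image/gif", CLEAN_GIF),
        ("polyglot.gif", "image/gif", POLYGLOT_GIF),
        ("page.jpg", "image/jpeg", HTML_AS_JPEG),
        ("late.gif", "image/gif", LATE_MARKUP),
    ]:
        print(name, inspect_image(ctype, blob) or "ok")
```

On the serving side, sending `X-Content-Type-Options: nosniff` with image responses tells browsers that support the header to honour the declared type instead of sniffing.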
