German Second Life users at risk [UPDATED]

The new HTML based login system starting from version 1.18.6 used in current First Look and Windlight Second Life (beta) viewers has an error in the German translation file which risks exposing login credentials of any user who uses these viewers with the German Language enabled.

The file /skins/xui/de/panel_login.xml (below the Second Life installation directory) which sets the information about the login form to be displayed (and thus to have your login information sent to does not access Second Life or Linden Lab webservers).

Instead, the file directs the viewer to load a login form from sdfsfsfds.com - a domain which did not exist, but was registered by person or persons unknown on Wednesday 26 December. (Update: The server appears to be located in Amsterdam)

This website does not appear to be operating as a trojan/account-stealer at the time of this writing, but if the operators wish it, it appears that it could do so at any time.

If you use affected versions of the browser, please do NOT use German as the language set for the viewer. Alternatively, copy the English language version of the file from /skins/xui/en-us/panel_login.xml over the top of the affected file. A third alternative is to revert to using a viewer in the 1.18.5 series (the official viewer is a 1.18.5 viewer and can be downloaded here)

UPDATE:

At 10:55AM SLT (US Pacific) Phoenix Linden reports that "The first look viewer has been taken down and taking further actions to prevent the owner of sdfsfsfds.com from unauthorized access to accounts." and that steps are being taken to address the problem.