Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

More Tutorials
PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   A big thanks to all of you mods and members who have been kind enough to answer all my questions even if they seem redundant. This is a quality forum. I must say that I really appreciate the help and answers I get here. Thank you all - myersjr  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Services

See what services Cyber Tech Help can offer your business or website: CTH Services
CTH Services

Related MS Links

Related Links
Cyber Tech Help Community

To the top of the page to top

 



Attacks on Unpatched IE Flaw Escalate

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Attacks on Unpatched IE Flaw EscalateAttacks on Unpatched IE Flaw Escalate

Posted by: Tweaker
Date added: 00:21, 28th March 2006 GMT
Source: Washington Post

Microsoft Internet Explorer

More than 200 Web sites -- many of them belonging to legitimate businesses -- have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft's Internet Explorer Web browser to install hostile code on Windows computers when users merely visit the sites.

In an update to its Security Response Web log, Microsoft security program manager Stephen Toulouse said the attacks Redmond is seeing against the IE flaw "are limited in scope for now and are being carried out by malicious Web sites." I have to call Microsoft out on both counts, and I think some of what I've uncovered so far about these attacks should make it clear that the situation is serious and getting worse by the hour.

According to a list obtained by Security Fix, hackers have infected at least 200 sites, many of which you would not normally expect to associate with such attacks (i.e., porn and pirated-software vendors). Among the victims are a regional business council in Connecticut, a couple of vacation resorts in Florida, a travel-reservation site, an online business consultancy, an insurance company, and a site featuring things to do at various cities across the country.

On Friday, hackers broke into the Web site of shipping company DLPromotionFreight.com and planted code that attempted to use the flaw to steal user names and passwords stored by IE. Yaniv Zahavi, chief technology officer for Intermakers Inc., the Plantation, Fla., company that manages the site, said it appears that only a handful of customers browsed the site during the few hours the attack code was present.

Security Fix learned the location of one Web site being used as a virtual drop box for user name and password data stolen from people who'd visited the network of hacked sites (the SANS Internet Storm Center has a great post detailing exactly what one of these data-dump reports looks like). One of those victims was Abdel Marriez, a truck driver from Astoria, N.Y. The malicious program stole credit card information and credentials he used to access his e-mail online.

Marriez said he couldn't understand how the code could have landed on his computer, since he said he is fastidious about ensuring his Norton anti-virus program has the latest updates from Symantec. After this experience, he said, he plans to change browsers. "IE and me are through, that's it," Marriez said.

That same password-stealing program landed on the Windows PC belonging to Reaz Chowdhury, a programmer for Oracle Corp. who works out of his home in Orlando, Fla. Chowdhury said he's not sure which site he browsed in the past 24 hours that hijacked his browser, but he confirmed that the attackers had logged the user name and password for his company's virtual private network (VPN). Chowdhury also uses Norton anti-virus, which did not pick up any signs of infection. He said he won't rely on his anti-virus program to clean things up.

"It's really not worth the risk," Chowdhury said. "I'm going to reinstall [the operating system"> just to be sure." Both of these situations illustrate the dangers of relying on only anti-virus software. That is not to say anti-virus software is useless. It is a necessary element of protection for any Windows PC, and for better or worse will remain so for the foreseeable future. But there is a window of time between the creation of a new virus or worm and the availability of new anti-virus "definitions" that identify the intruder as malicious.

Microsoft says Windows users should "take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code" and that people who want to use IE should either disable "active scripting" or download the IE7 beta2 preview.

Instructions for disabling active scripting are under the "workarounds" section of this Microsoft advisory (which incidentally is three clicks away from Microsoft.com homepage). Microsoft warns, however, that this may cause problems loading some Web sites.

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]