Corporate Servers Spreading IE Virus [Updated]

uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?

yes

[mwolff]

http://www.mozilla.org

This just in...

[howman]

It has just been brought to our attention at the root of the problem this site [microsoft.com]

Re:Security Advisories

[sploo22]

The site which is actually sending the infected file seems to have been slashdotted. Is this the next wave of antivirus technology?

I thought ZD were MS shills

[samjam]

I have thought for years that Ziff-Davis were Microsoft Shills. [I don't mean all MS software is bad, I just mean Ziff-Davis seemed impervious to facts in their reviews]

If ZDNet is saying to stop using IE things must be bad.

I have tried to depart from IE 2 or 3 times but failed. As soon as I type this message I make the move for good. Hello Mozilla.

Sam

What would be funny...

[N3koFever]

...is if they infect the Windows Update servers. You go there to fix the vulnerabilities in IE and *BAM* you're infected with the same vulnerabilities you're trying to fix.

Re:Hmmm....

[Mz6]

Yeah... But that's also the excuse I get when I have to clean off XXXToolbars that has infected their computer.

"I swear, I never go to those sites, only the major ones."

Re:yes

[lpret]

http://lynx.browser.org/ -- I've yet to see an exploit that's affected me.

Re:yes

[atomic-penguin]

I've yet to see an exploit that's affected me.

Perhaps, you've heard of them. It's an affliction called frames.

Re:yes

[Zog The Undeniable]

Up from the depths,
Thirty storeys high,
Breathing fire,
His head in the sky,
Mozilla! Mozilla!

(with apologies to the 1980s cartoon)

0-day?

[maximilln]

I can't help but chuckle every time these come out because all I hear in my head is the line,"All viruses are created after the exploit has been announced."

Keep those 0-day exploits coming, boys.

IE was a great friend...

[tobechar]

as I quiety tap the nails of the coffin.

Re:This could finally be it

[bigberk]

The disaster we all knew was going to happen.

Nope, the disaster hasn't happened yet. When it happens, the economy will collapse and what's left of Microsoft will be hauled before court. The FBI or some other government body will use its existing evidence to show that Microsoft knew about the risks posed by its monoculture OS/desktop yet failed to take the necessary measures to protect consumers and businesses. It will be a grey area but it won't matter, since mainstream IT will be shattered. The nerds will rebuild, and will be filthy rich. Women will throw themselves at us.

The best "Fire-" name?

[LondonLawyer]

Surely it has got to be:

"FireBillGates"

Re:yes

[fuzzix]

Perhaps, you've heard of them. It's an affliction called frames.

I've heard of them. I've also heard of tables. This is why I use Links [mff.cuni.cz]

Re:But How Many People Will Switch?

[lewp]

And while they're recovering from your assault the top-notch assistive technologies in the latest GNOME releases would allow them to continue to get work done. Another Linux convert!

Maybe getting the Linux revolution in full swing requires geeks to start beating people mercilessly for their own good. What Microsoft can do with billions of marketing dollars, we can do with a board with a nail in it.

(Most of us are rather weak, so I recommend teaming up 3-4 geeks per regular person you're trying to... um... educate.)

Re:yes

[wwwillem]

real hackers browse the web with "telnet www.whatever.com 80 [return] [return]" :-)

How ironic....

[SwedishChef]

that the page for reading the responses included a large banner ad for Microsoft that claimed they take your security seriously and saying, "visit microsoft.com/it/security/IT today.

Re:yes

[johnnyb]

Yeah, but remembering the cookies is a pain in the butt.

You know ...

[joel_archer]

Microsoft just isn't ready for the Enterprise. Perhaps in a few years. Plus there all those nasty rumours about stealing the TCP/IP stack from BSD.

Re:yes

[Mordaximus]

Hehe, maybe they should have called Firefox Mozooky instead!

Re:The best "Fire-" name?

[Anonymous Coward]

my firesomething labels my browser Andy's SuperSlashdotReader, (or 1337BoobFinder)

Re:yes

[Anonymous Coward]

Up from your swap
Thirty megs in size
Leaking memory
Thrashing your drive
Mozilla! Mozilla!

Re:This could finally be it

[GPLDAN]

The nerds will rebuild, and will be filthy rich. Women will throw themselves at us.

This implies that all nerds are men. Or lesbians.

Re:Firefox

[Anonymous Coward]

Wow, another Opera user, that's two this year alone. I guess it's ddefinitely and "up and comer" and "one to watch"!

Re:Wonder How Microsoft Will React

[Anonymous Coward]

Oh yeah right. Like my friends and family don't think I'm *enough* of a loser.

Now I'm supposed to sit down with them for a "face-to-face" about two browsers which are *identical* from their point of view?

"Susan, come here for a minute."

"Why? I've got to go in 10 minutes, I'm really busy."

"No this is really important."

"Oh okay"

"I wanted to show this web browser"

"Yeah, explorer, so what?"

"No!!! This is FIREFOX!! AN ADVANCED OPEN-SOURCE WEB BROWSER!! MUCH MORE SECURE!!!"

"It looks like explorer to me."

"Well, it LOOKS like explorer but it's better. Look here, this is etrade.com, it looks just like explorer right? open source rules!"

"Uhh, yeah, it looks exactly the same to me. Well don't mess up my computer I have to go."

"WAIT!!! If there had been a virus there on etrade.com you WOULDN'T HAVE GOTTEN IT!! ISN'T THAT AWESOME!!!!!!!!"

"You are such a loser."