Latest Version of MyDoom Exploits New IE Flaw 435
techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.
ClamAV stopped this 5 hours ago (Score:3, Interesting)
Happy to see that ClamAV had the pattern files through a cron job 5+hours ago.
Scary social engineering (Score:4, Interesting)
----
Re: my bill
From: [from address, probably spoofed]
To: [My adress]
Requested file.
+++ Attachment: No Virus found
+++ [Name of antivirus software] - [website of antivirus software]
bill.zip
-----
The zip contained a pif file with a
Particularly scary social engineering, since it claims to be from an anti-virus company that I'm actually familiar with.
A few more features needed in Firefox. (Score:1, Interesting)
"Whassat Boss? *Minimizes browser to tray* Nah, just working on the company project. Not browsing Slashdot. Waste company time? Perish the thought."
Re:CNN Story (Score:5, Interesting)
Remember how FireFox handled the download bug? Old copies of the browser would actually be redirected to an auto-update site. Click a button, wait for a few kb download, and voíla! A secure browser.
buffer overflow protection? (Score:5, Interesting)
buffer overflow protection:
http://vil.nai.com/vil/images/vse80i
I mean if my program has a buffer and I want
to overflow it have can they stop it. The screenshot mentions APIs so make it just knows about the Win32 APIs.
McAfee VirusScan (Score:5, Interesting)
Now how's that for secure?
I may never, ever figure out the mentality of that decision.
Re:Are any of you forgetting.. (Score:1, Interesting)
I know there's probably a way to reduce the size, but why bother when firefox is right there with very little wasted space starting with install?
Re:sp2 (Score:3, Interesting)
Re:CNN Story (Score:3, Interesting)
It is also your file system browser.
Integrating a web browser (i.e. the program that messes around with places of questionable authenticity) with your file system browser (the program that connects with your most sensitive files) is just insane from a security point of view.