
Hackers Jump On Newest IE7 Bug

Posted by CmdrTaco from the hop-on-pop dept.
CWmike writes "Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in 'very, very small numbers,' they may be just the forerunner of a larger campaign, said Trend Micro's Jamz Yaneza. 'I see this as a proof-of-concept,' said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. 'I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits,' he added. The new attack code, which Trend Micro dubbed 'XML_Dloadr.a,' arrives in a spam message as a malicious file masquerading as a Microsoft Word document."


  • Whew! (Score:4, Funny)

    by the_humeister (922869) on Wednesday February 18, 2009 @11:49AM (#26903249)

    Glad I'm using Lotus Notes. Hmm...

  • by kcbanner (929309) * on Wednesday February 18, 2009 @11:50AM (#26903267) Homepage Journal
    ...when Microsoft stops bundling IE with Windows (depending on what happens with that anti-trust case in the EU). Does anyone know if that would also affect NA?
    • by the_humeister (922869) on Wednesday February 18, 2009 @11:53AM (#26903319)

      And then the exploits will occur with the browser that most people are using. Face it: there are bugs in every piece of software out there, and it's just a matter of time before someone finds and exploits them.

      • by kcbanner (929309) *
        I know. I'm just thinking in terms of the botnet spread "factor", I think that will go down as more people start using firefox/more secure browsers, and that market share will go up when Microsoft stops bundling IE. Of course they are just going to get the OEMs to do it for them, maybe some OEMs will package Firefox, who knows.
        • Fire Fox has its own Zero Day attack [mozilla.com]
          I got nailed with the XP Police 'anti-virus' by navigating to a url via FireFox. No additional clicking, no user-error, no accepting/running/allowing anything out of the ordinary. Simply watched page load then was infected.

          I went back to the page in question with IE 8 and it wasn't vulnerable to whatever attacked FF 3.06.

          The browser religion war is over and we've all lost to shoddy programming. You can always attempt to hide in the latest obscure OS/browser, but at some

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        exactly. this is precisely the reason that Apache has far more exploits published than IIS.

        • The key word here is "published". This is because Apache has an open bug tracker. And IIS has -- I guess from the quality ;) -- no bug tracker at all.
          But Apache fixes its bugs quickly, or even at all, compared to IIS.
          Well, I guess to get some useful numbers, one would have to count the numbers of actually used exploits.

          But then again, writing it anonymously most likely means that you are a troll...

      • Re: (Score:3, Interesting)

        And then the exploits will occur with the browser that most people are using. Face it: there are bugs in every piece of software out there, and it's just a matter of time before someone finds and exploits them.

        So a more diverse set of browsers in use leads to fewer people being exploited. Sounds like something worth encouraging. And while we're at it, how can we encourage vendors to make their browsers more secure and generally better. If only there were some way to motivate developers using common human motivations. I know, we could have them compete with each other on a level playing field in a free market and the best browser will gain the most market share, so they will all work extra hard to make theirs the b

      • by compro01 (777531)

        And in all likelihood be far less significant, as the browser in question wouldn't be so damn tightly integrated into the OS.

    • by Anonymous Coward on Wednesday February 18, 2009 @11:54AM (#26903321)

      The new attack code, which Trend Micro dubbed "XML_Dloadr.a," arrives in a spam message as a malicious file masquerading as a Microsoft Word document. If the fake document is opened, the exploit hijacks PCs that have not been patched...

      Running Chrome or Firefox won't stop idiots from opening strange attachments.

      • by rolfc (842110) on Wednesday February 18, 2009 @11:57AM (#26903373) Homepage

        Running Chrome or Firefox won't stop idiots from opening strange attachments.

        Running Linux will.

        • Re: (Score:1, Funny)

          by Anonymous Coward

          Linux makes you smarter.

        • Running Chrome or Firefox won't stop idiots from opening strange attachments.

          Running Linux will.

          No. It will only stop the current exploits from being effective.

        • Re: (Score:3, Interesting)

          by Dotren (1449427)

          Running Linux will.

          Apparently not if you're using KDE or GNOME [slashdot.org].

          • by Tweenk (1274968)

            There are fixes:
            1. Require .desktop files to be executable to launch them
            2. Ignore the Exec= line in user overrides

            It's just a matter of someone contributing a suitable patch. It is not an architectural problem.

            • by N1AK (864906)
              So you are suggesting that a significant flaw in Linux has lasted so long, even though it is "just a matter of someone contributing a suitable patch"? Hardly a good argument.

              Pointing out there are possible fixes doesn't absolve it from blame.
              • Re: (Score:3, Insightful)

                by Thinboy00 (1190815)

                Pointing out there are possible fixes doesn't absolve it from blame.

                No, it doesn't, and that is one of the major problems with FOSS: devs tend to avoid disturbing the ecosystem as much as possible, even when doing so is a good idea. If this was run in a traditional (read:closed-source) setting and IT heard that it would take the flip of a few bits to get rid of a major security vulnerability, how long would the bug live?

                I know some idiot mod will mark this as a troll because it is critical of FOSS. Really people, let's at least pretend to be civilized, please.

                • by ianare (1132971)
                  I'm not sure it's possible to paint all of FOSS, or all of closed source devs with such a wide brush. You do have some projects that are extremely risk and innovation averse, a classic example being GNOME, while others on the contrary have no problems starting everything from scratch like KDE has done. Similarly, you have Apple, the constant innovator, willing to dump legacy code to move forward, and MS, where their commitment to binary compatibility is limiting their progress.
                  Each strategy has its advantage
            • 1. Require .desktop files to be executable to launch them

              In addition, make the desktop environment not execute .desktop files under /home, and/or mount /home with noexec.

              If a user wants a launcher icon on their desktop, enforce that the icon is actually a symlink to the real .desktop file under /usr/share/applications. (Can be done while hiding the mechanics from the UI trivially.)
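The launcher hardening proposed in the two comments above (require the executable bit, never execute a .desktop file that lives under /home, accept desktop icons only as symlinks to the system launcher, and take the Exec= line from the trusted copy rather than a user override) written out as one validation policy in POSIX sh. This is an added example, not code from the thread or from GNOME or KDE; TRUSTED_DIR, check_launcher, launcher_exec and demo are names chosen here, it assumes a GNU-style readlink -f, and the launchers that demo creates are constructed fixtures in a temporary directory.

```shell
#!/bin/sh
# Added example, not code from the thread or from any desktop environment.
# It turns the three suggestions above into one launcher-validation policy.
# TRUSTED_DIR, check_launcher, launcher_exec and demo are names assumed here;
# readlink -f is assumed to behave as in GNU coreutils.
TRUSTED_DIR="${TRUSTED_DIR:-/usr/share/applications}"

# check_launcher FILE
# Returns 0 if FILE may be launched, 1 otherwise:
#   1. FILE (or, for a symlink, its target) must carry the executable bit;
#   2. FILE must resolve through any symlinks to a path under TRUSTED_DIR,
#      so a .desktop file sitting in /home is never executed directly and
#      a desktop icon only works when it is a symlink to the system launcher.
check_launcher() {
    f="$1"
    [ -f "$f" ] || return 1
    [ -x "$f" ] || return 1
    real=$(readlink -f -- "$f") || return 1
    trusted=$(readlink -f -- "$TRUSTED_DIR") || return 1
    case "$real" in
        "$trusted"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# launcher_exec FILE
# Prints the Exec= command that would run. It is read from the trusted target,
# never from a user-owned copy, so an Exec= line in a user override is ignored.
launcher_exec() {
    check_launcher "$1" || return 1
    sed -n 's/^Exec=//p' "$(readlink -f -- "$1")" | head -n 1
}

# demo: builds constructed fixtures in a temporary directory and reports how the
# policy treats each one. Returns 0 when all three cases behave as expected.
demo() {
    tmp=$(mktemp -d) || return 1
    TRUSTED_DIR="$tmp/trusted"
    home="$tmp/home/Desktop"
    mkdir -p "$TRUSTED_DIR" "$home"

    # a system launcher, executable, as a distribution would package it
    printf '[Desktop Entry]\nName=Editor\nExec=/usr/bin/editor %%f\n' \
        > "$TRUSTED_DIR/editor.desktop"
    chmod 755 "$TRUSTED_DIR/editor.desktop"
    # the user's desktop icon: a symlink to that system launcher
    ln -s "$TRUSTED_DIR/editor.desktop" "$home/editor.desktop"
    # an executable .desktop dropped into the home directory (an attachment, say)
    printf '[Desktop Entry]\nName=Editor\nExec=/tmp/not-an-editor\n' \
        > "$home/dropped.desktop"
    chmod 755 "$home/dropped.desktop"
    # a system launcher that lacks the executable bit
    cp "$TRUSTED_DIR/editor.desktop" "$TRUSTED_DIR/noexec.desktop"
    chmod 644 "$TRUSTED_DIR/noexec.desktop"

    ok=0
    check_launcher "$home/editor.desktop" \
        && echo "icon -> trusted launcher: allowed, Exec=$(launcher_exec "$home/editor.desktop")" \
        || ok=1
    check_launcher "$home/dropped.desktop" && ok=1 || echo "dropped into home: refused"
    check_launcher "$TRUSTED_DIR/noexec.desktop" && ok=1 || echo "no executable bit: refused"
    rm -rf "$tmp"
    return $ok
}
```

Run it as `. ./launcher-policy.sh && demo` to see the three verdicts; the symlinked icon is the only case that is both allowed and handed the Exec= line from the trusted copy. Mounting /home with noexec, as the comment also suggests, is complementary: it stops the binaries such a launcher might point at, while this check stops the launcher itself from being honoured.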

        • by Greyfox (87712) on Wednesday February 18, 2009 @12:17PM (#26903669) Homepage Journal
          Back in the day when dinosaurs and mainframes walked the earth and the system programmer's room was likely to have more than one half-drunk cup of coffee with a cigarette butt floating in it, it was not uncommon to get an E-mail around Christmas time with an attachment in it. The attachment purported to display an ASCII Christmas tree on your terminal, complete with flashing ornaments and such.

          When it was run, this attachment would helpfully and quietly forward itself to everyone in your address book. A couple of days later, after cleaning up the smoking wreckage of the E-mail system, system administration would send out an E-mail suggesting that it's not a good idea to run programs from unknown sources.

          This was on IBM VM/CMS, a notably not-Microsoft OS.

          • by Bozdune (68800)

            Hey! I remember that! (shit, I'm old)

          • by ianare (1132971)
            Wasn't this also the time of the naive internet? When all smtp traffic was on port 25 with forwarding enabled? Before AOL and the dark times ...
        • by Locklin (1074657)

          Of course, you can always execute unsigned, untrusted code by downloading Firefox extensions on the Mozilla site.

        • Yes, but linux will also stop them from opening not-so-strange attachments, unfortunately.

        • by grumbel (592662)

          Running Linux will.

          Never underestimate the compatibility of Wine.

      • by Sleepy (4551)

        >Running Chrome or Firefox won't stop idiots from opening strange attachments.

        False.
        An idiot user will not know how to chmod +x a strange file, so your logic falls flat.

        And there's plenty of Linux users happy to run with whatever is available in the Ubuntu repository, that they don't mind being "locked out" of desktop changes.

        Contrast this with the Windows desktop user who will bitterly complain about not being able to open the Windows Clock on the taskbar, just to check dates on a calendar [a step which

      • Running OpenOffice will stop the macro from accessing IE, though. MS Office isn't even bundled with most XP anymore. It wasn't on mine, anyway.

        It's annoying that I can open everyone's files, but I need to export to a buggy format for others to open mine. But this news item proves it's worth it.

      • by ianare (1132971)
        No, but it has been consistently shown that FF users keep their browsers up to date much sooner. Case in point: the huge number of IE6 users compared to FF 1.5 users out there. Even within major revisions, the less painful FF upgrade system keeps the vast majority of people on the latest minor update or patch. Many IE users disable auto-updates because they're seen as an annoyance (asking themselves "why do I have to reboot simply to upgrade my web browser?").
    • Re: (Score:1, Insightful)

      by jetsci (1470207)
      I wonder, what would un-bundling REALLY mean? Just that it's easier to remove or that Microsoft OSes come with no browser? Now that would be a fun one for new users...
      • I wonder, what would un-bundling REALLY mean? Just that it's easier to remove or that Microsoft OSes come with no browser?

        Well, literally it would mean Windows ships without IE to OEMs. That's not to say that this is the remedy the EU will choose. It is just one of their options and by itself, certainly not enough to remedy the broken market.

        Now that would be a fun one for new users...

        The EU's remedies will likely affect only MS, not OEMs. If you're technical enough that you're building a computer and installing Windows yourself, you're probably technical enough to download and install a browser too. If you're a normal person you buy a computer with software, OS, and ha

  • Already? (Score:1, Redundant)

    by sqlrob (173498)

    Must've been harder than usual. I would've expected it on Wednesday or Thursday of last week.

  • by TheRaven64 (641858) on Wednesday February 18, 2009 @11:57AM (#26903375) Journal

    a malicious file masquerading as a Microsoft Word document

    I don't think this is the same definition that the rest of us use. In related news, a lizard was seen masquerading as a gecko.

    • ... pretending to be helpful but surreptitiously twirling its moustache while doing nefarious deeds to the computer and generally making life miserable for the user.... actually thinking about it - that's not too different from the real clippy.

    • While all sharks are fishes, it doesn't follow that all fishes are sharks. So it's a malicious file masquerading as a different kind of a malicious file; so what? ~

  • by Anonymous Coward

    "They invade our computers, and we fall back. They assimilate entire servers, and we fall back. Not again. The line must be drawn here! This far and no further! And I will make them pay for what they've done!" - Linus Torvald

    • "They invade our computers, and we fall back. They assimilate entire servers, and we fall back. Not again. The line must be drawn here! This far and no further! And I will make them pay for what they've done!" - Linus Torvald

      Sounds a bit like a Linus Maginot Line [wikipedia.org], to me.

  • Set the default viewer for msWord docs to the Word Viewer [microsoft.com], make normal.dot read only, disable auto-opening of macros ...
    • Re: (Score:1, Informative)

      by Anonymous Coward
      ...or use OpenOffice.
  • Use firefox? (Score:1, Interesting)

    by Anonymous Coward

    How would switching to FireFox help? So you can get a different brand of virus?

    Patch and keep patching. That is the only safe bet.

    Yes I am using Firefox right now.

    • by Danzigism (881294)
      It might help avoid certain exploits that penetrate holes in IE, but working in an environment where I see 30+ computers in the repair shop every week, Firefox or IE, the computers still get viruses. It bugs me a little when I hear customers say, "Well a friend of mine told me to use Firefox because it is more secure" when their computers are still heavily infected with malware. You can still easily get infected. It's not the browser's fault, it's the OS's fault.
  • Will it blow my version of OO when I try to open the WORD document?
    I am glad to hear that it won't affect the REGISTRY on Slack.

    I am so waiting for the malware that runs "FORMAT C: " or whatever it is nowadays.

    • by jetsci (1470207)
      It charges extra for THAT....
    • reminds me of the first virus I ever encountered, something Jericho; I knew I was in trouble when /format :c was no longer working. Oh, the days when a reformat and reinstall took 30 min, and all your documents were "safe" on floppies anyway.
      • by fataugie (89032)

        You mean on all those old, re-formatted AOL disks?

        HAHAHA

        /me grabs stomach, slaps knee and wipes a tear from his eye

        • We would have killed for reformatted AOL disks! This was 1990 or so, they weren't giving them away yet (at least where I went to school). So past the time when we were cutting extra slots in 5.25" floppy holders to use the single sided ones double sided and saved 50 cents each.
          • by fataugie (89032)

            Wow, you're really old.

            Hey Grandpa, tell me about when you used to have trays of punch cards... ;-)

    • Re: (Score:3, Informative)

      by The MAZZTer (911996)
      Viruses/Virii don't tend to destroy the computer anymore, since that pretty much gives them away AND also makes it difficult for them to propagate or earn money off of you (ad views, purchases) when your computer won't turn on.
  • This is exactly why I use Lynx. The ASCII porn is getting a bit old, though.

    • by Culture20 (968837)
      That's why you need to upgrade to elinks. You know you want to. Colored text is the best text.
  • Hackers exploit already patched code! Security vendors come up with detection routine to protect from exploits targeting already patched code. Sysadmins everywhere say to themselves, "I'm sure glad I applied that patch last week." Life goes on.
  • Dear Sir,

    I am writing in reference to the "Chinese Exploit Kits" you mentioned on the Slash Dot on 18 February. Please inform me if you have further information on availability of these kits.

    I would also be interested in subscribing to your newsletter.

    Sincerely,

    TheModelEskimo
