Miscreants Exploit Google-Outed Windows XP Zero-Day 497
CWmike writes "A compromised website is serving an exploit of the bug in Windows' Help and Support Center, identified by a Google engineer last week, to hijack PCs running Windows XP. Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software. 'It's a classic drive-by attack,' said Cluley. The tactic was one of two that Microsoft said last week were the likely attack avenues. (The other was convincing users to open malicious e-mail messages.) The vulnerability was disclosed last Thursday by Google security engineer Tavis Ormandy, who also posted proof-of-concept attack code. Ormandy defended his decision to reveal the flaw only five days after reporting it to Microsoft. Cluley called Ormandy's action 'utterly irresponsible,' and in a blog post asked, 'Tavis Ormandy — are you pleased with yourself?'"
Nice quote. (Score:5, Funny)
Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software.
Ballmer should be able to spin that into a win: "To be safe, all XP users are advised to avoid open source software stuff. It has viruses."
Unbelieviable (Score:3, Funny)
Re:The bad guys thank you Tavis. (Score:0, Funny)
5 days isn't a much time to wait before releasing this crap on the rest of us.
Speak for yourself, Windows user.
Let me get this straight... (Score:4, Funny)
JUNE 15th... (Score:4, Funny)
The elephant in the room (Score:5, Funny)
Graham Cluley...declined to identify the site, saying only that it was dedicated to open source software.
Begging the question: was it Slashdot?
[/humor]
Re:Ormandy did excercise responsible disclosure (Score:4, Funny)
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
Re:Dear Microsoft (Score:1, Funny)
But this is mickeysoft. Journalism has been giving them a by for decades. Its *NEVER* their fault.
EXAMPLES: Its the virus writers fault that viruses attack the software. If Linux were as popular, it would have viruses too. If people wouldn't publish these zero day exploits, then all the problems would go away. Can't we all just learn to get along? Its the internets fault. If you didn't plug into the internets, there would be no viruses. People are just picking on microsoft. People should pick on Linux and those others too. Linux and Mac get more viruses than microsoft, they only talk about viruses in the press because microsoft is so popular.
/EXAMPLES
And with that, all the fanboidom can achieve a zombie state. In the mean time, (as a Linux user who hasn't seen a virus in 15 years, has no anti-virus software on my computer, and has been plugged into the net all that time (and no sparky, I'm not infected, my computer screams speed and doesn't do anything funky) I can only watch in disbelief as people attempt self-hypnosis and delusion.
Re:Dear Microsoft (Score:3, Funny)
Cite: TFA.
What is this "TFA" of which you speak?