Corporate Servers Spreading IE Virus [Updated] 1028
uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via
several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?
yes (Score:5, Funny)
Re:yes (Score:5, Funny)
Re:yes (Score:5, Funny)
Perhaps, you've heard of them. It's an affliction called frames.
Re:yes (Score:5, Funny)
I've heard of them. I've also heard of tables. This is why I use Links [mff.cuni.cz]
Re:yes (Score:5, Funny)
Thirty storeys high,
Breathing fire,
His head in the sky,
Mozilla! Mozilla!
(with apologies to the 1980s cartoon)
Re:yes (Score:5, Funny)
Thirty megs in size
Leaking memory
Thrashing your drive
Mozilla! Mozilla!
Re:yes (Score:5, Informative)
http://www.mozilla.org
Two things:
1. Don't use an account that has elevated priviledges.
2. Don't install the latest security patches for I.E. 6.0.
The article mentions that the exploit takes advantage of the recently announced vulnerability in I.E. that an advertising company was exploiting. My testing of this vulnerability revealed that it would be unsuccessful if you didn't use a priviledged account. And oddly, at least with the previous exploit, the code wouldn't run until I installed the latest security updates. A generic install of Windows XP or one with SP1 didn't appear to work. Odd.
Re:yes (Score:4, Funny)
Re:yes (Score:5, Funny)
Re:yes (Score:5, Interesting)
Re:yes (Score:5, Insightful)
Mozilla Backup! (Score:5, Informative)
Wonder How Microsoft Will React (Score:5, Insightful)
However, I doubt Microsoft will do anything for at least two months. Hopefully by then a major news source will pick up the story and everyone will hear it.
Re:Wonder How Microsoft Will React (Score:4, Informative)
Re:Wonder How Microsoft Will React (Score:5, Interesting)
A quick scan of that article and I couldn't see any mention of using an alternative browser, just the usual "update virus checker, etc"
We need these sites to push the idea of Mozilla to the masses
Re:Wonder How Microsoft Will React (Score:5, Insightful)
And just WHY should CNN, or any other news service, "push" one product over another? What possible interest could they have?
What is needed is for people (Slashdotters???) who provide "level one" tech support to family and friends to do what I did on my fiancee's computer about three weeks ago.
Her installed IE would crash while launching and ask if she wanted to send an error report to MS. I ran ad-aware on her box and found about a dozen "browser hijacks" in amongst all the malware cookies, etc. I removed them, removed all the "Shortcuts to IE and Outlook Express from her desktop, installed Firefox and Thunderbird (along with the AdBlock and Things They Left Out extensions and a theme she liked), then made sure they were set as the default browser and mail program. Next I imported her Inbox from Outlook Express into T-bird. Finally, I turned on pop-up blocking and showed her how to use AdBlock to block ad servers.
She's been happy as a clam ever since. To quote, "Getting on the 'net is fun again."
Don't ask the media to do our job for us.
Re:Wonder How Microsoft Will React (Score:4, Interesting)
> product over another? What possible interest could they have?
Rhetorical questions, both. Historically, the media frequently takes positions on all sorts of things. Your questions imply that they don't.
While I share you enthusiasm for a grassroots process of replacing bad software with good software, historically, the evidence that suggests that this might actually happen is pretty poor.
Almost every non-technical person that I've met doesn't care about any of this stuff. In fact, if they did not suffer from viruses and pop-ups and spam and trojans, they would worry that something is actually wrong with their computer.
--Richard
Re:Wonder How Microsoft Will React (Score:5, Insightful)
I don't think they should push one product over another, but I would love to see them identify the product & vendor of the vulnerable software. Too often these stories are very generic, saying that the virus infects your computer when you visit a website -- whereas they should say that the virus infects Microsoft Windows(tm) when you use Microsoft Internet Explorer(tm) to visit a website.
In addition, rather than saying that you should just keep your anti-virus software up-to-date, they should offer the useful tidbit that the virus could also be avoided by using alternatives the vulnerable products. They don't have to mention Opera or Mozilla. They don't have to mention Linux or MacOS X. Just let the users know that there are other things they could do beyond paying Symantec (et al) for a more recent anti-virus package.
What's possible interest could they have in doing this? To inform. That's a novel concept for a news source, I know...but I'd still like to see it happen now & then.
Re:Wonder How Microsoft Will React (Score:4, Interesting)
In this article, it says (towards the bottom)
"Meanwhile, the average Internet surfer is left with few options. Windows users could download an alternate browser, such as Mozilla or Opera, and Mac users are not in danger."
What I found somewhat funny was this quote (from NetSec's chief technology officer)
"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now"
Does that mean he forsees a time in the near future when this kind of problem will go away? I don't.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
Very very few. I've got firefox installed on my family computer. Despite them getting infected with adware and spyware through IE, none of them want to use firefox. I've asked them many times, and even gone to the point of deleting IE, but their resillence to use anything else forced me to put it back on (amongst other reasons).
However, while Mircosoft are normally very good at patching these secuirty faults, this time they have totally failed. The blame doesn't rest with stubborn users who refuse to switch. The blame rests with Microsoft's inability to provide a patch in time.
Once they do supply a patch, it will then turn into the case of a supid user who doesn't patch. (and my server's apache logs show this, I'm still getting attacked by Code Red from infected servers who have not been patched).
Hopefully Microsoft will adapt to the pressure created by the users not being happy with the situation and release a patch.
Then again, looking at the age of IE and the number of requests to make a better version added to the time its taken them to respond, I'm stating a pool for those who want to bid on the release date of the patch. All dates start from 2005 onwards...
NeoThermic
Re:Wonder How Microsoft Will React (Score:5, Interesting)
If you would be so kind, I am really curious what the reasons were.
What I have always done is download Firefox, change the icon to the blue E, and rename the shortcut "Internet Explorer". I then tell them, "It's the new version of Internet Explorer, called Mozilla."
I have had no people complain or ask to have the "old" version back. In fact, the only thing I have heard is praise ("It's so fast", "I don't get pop-ups anymore", etc).
I've done this for about 60 users (45 computers), so far.
- Tony
Re:Wonder How Microsoft Will React (Score:5, Informative)
Go, Mozilla Firebadger!
The best "Fire-" name? (Score:5, Funny)
"FireBillGates"
Re:Wonder How Microsoft Will React (Score:5, Insightful)
A much better approach would be to sit down with the users with both browsers, and surf to good and bad sites with both to demonstrate the differences.
Re:Wonder How Microsoft Will React (Score:5, Funny)
Now I'm supposed to sit down with them for a "face-to-face" about two browsers which are *identical* from their point of view?
"Susan, come here for a minute."
"Why? I've got to go in 10 minutes, I'm really busy."
"No this is really important."
"Oh okay"
"I wanted to show this web browser"
"Yeah, explorer, so what?"
"No!!! This is FIREFOX!! AN ADVANCED OPEN-SOURCE WEB BROWSER!! MUCH MORE SECURE!!!"
"It looks like explorer to me."
"Well, it LOOKS like explorer but it's better. Look here, this is etrade.com, it looks just like explorer right? open source rules!"
"Uhh, yeah, it looks exactly the same to me. Well don't mess up my computer I have to go."
"WAIT!!! If there had been a virus there on etrade.com you WOULDN'T HAVE GOTTEN IT!! ISN'T THAT AWESOME!!!!!!!!"
"You are such a loser."
Re:Wonder How Microsoft Will React (Score:5, Insightful)
So the only recourse to introducing the new software is to *trick* people into using it? Doesn't sound like a very effective (or fair) argument.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
The problem is that most people think that that Blue E == The Web == The Internet. E.g. many don't see they're also using internet when they're e-mailing. When you say "I'm gonna remove IE and give you firefox.", they think "He's gonna remove my internet access for some fire security reason! Ahrg!" They somehow just can't grasp what the internet is. What they see is the web, therefore they assume that the web == the internet. To start 'the internet', they click the blue E, therefore they assume that the blue E == the internet.
Somehow you've got to educate those people that The Internet != The Web != Blue E. Now you're just abusing their primitive assumptions. ;)
Re:Little things (Score:5, Informative)
I wont comment on your other problems with switching. But you could at least try these things with FireFox. As it turns out both of those hotkeys do exactly the same thing as IE under FireFox. Just tried it with 0.9.
Re:Little things (Score:5, Insightful)
IE works.
Well, the fact that you can become infected with a trojan simply by VISITING a web site, with no user interaction at all required, tells me than NO, IE does NOT work.
But that's just a reflection of my personal criteria for whether or not something works.
tough love (Score:5, Insightful)
Okay, just this once: (Score:5, Informative)
Open HKEY_CLASSES_ROOT\http\shell\open
Remove the "ddeexec" subkey (subfolder).
Go into the "command" subkey (subfolder).
Change the (Default) string to this value:
"C:\path\to\mozilla.exe" -nosplash -url "%1"
Make sure to use the full path to mozilla or firefox. Also, keep the quotes.
To test, go to the run menu and type in an http:// URL. It should pop up a new mozilla window to the webpage.
Do the same thing for HKEY_CLASSES_ROOT\https and HKEY_CLASSES_ROOT\ftp to get the HTTPS and FTP protocol handlers as well.
Mail (mailto: links) is a little trickier. Use this guide [toast.net] for assistance.
Re:Wonder How Microsoft Will React (Score:5, Interesting)
I'm a long time IE (then myIE2) user and have just moved to Firefox. Some of the things as a long term IE user I dont like is:
- The default theme is horrible. After some digging I found Qute which is far nicer on apparantly used to be default. Why they changed it is silly.
- The installer has a checkbox for recommended plugins, but it isn't active. Probably due to it being less than version 1.0. I think that when it does become active it should be on by default. It is worth noting that although geeks love plugins, the normal user is somewhat slightly less ameniable to the idea (especially when the plugin is considered "essential").
- The settings aren't very newbie friendly. I found i had to take a lot of time setting it up. There are settings hidden away that I have to use "about:config". I should never have to do that - especially not for the ones which aren't completely obscure. It kind of reminds me of Linux (firefox) vs Windows (ie). One is more powerful and customisable, but you have to work a lot at it to get it the way you like. The other isn't, but comes with basic settings that 80% of users are happy with.
- Error messages in browswer is not on by default. Why not? Why is the setting hidden away? 1995 is not calling. Lets move on.
- The button bar has about 4 buttons. I don't think it's too much to have, by default, new tab, back, forward, stop, reload, home, bookmarks, history, print and downloads. Power users can remove them, beginners will be fine.
- Google search by default takes you to the "I feel lucky" page. What was wrong with the normal search?
- No good support for IE favourites. No wizard, for importing, no ability to automatically detect them (I had to export then from IE and import), no ability to use the IE method of storing bookmarks and retain compatibility with other parts of the OS that show my bookmarks. Hell, if you want people to migrate, make it easy for their bookmarks!
- Still can't work out how to make shift-click open into a new tab. One extension will allow this - but it doesn't work with the (practically essential) tabbrowser extensions.
- Loading times are slow. A splash screen that indicates it's loading would be nicer than sitting looking at my desktop wondering if I really did click the icon. Or faster loading times. But there is no option in the config for that. Looks like i'll have to dig again.
Having said all that though:- There is some neat functionality both with and without all the plugins. Although having said that I have no idea what the neat plugins are. It's often a case of pick what looks good and go for it.
- The adblock extension is very good.
- I like the way I can put folders into the links bar and they drop down with my websites. Especially the open all in tabs.
Now I'm sure I'll get 50+ posts of people telling me that I'm dumb, if I do x, y and z then I can get this, I just need to edit a file, I need to install this plugin, etc.etc. but the point is that I shouldn't need to post complaints to slashdot to get the answers, nor should i need to surf the web, use google or anything else.Nothing I've asked for is particulary difficult, it just makes migrating less painful.
But yes, Firefox is very good. Got a few rough edges in the userbility department, but very good.
Importing Favorites. (Score:4, Informative)
Either let it import them during installation (it will prompt you), or go to the File menu and click on Import...
I'll assume you're having just a bad day.
My problem is finding "Compose ONLY in plain text" in Thunderbird. If it's there, I can't find it.
Re:Importing Favorites. (Score:4, Informative)
It's not too obvious or intuitive. Go to Tools->Account Settings->[Your Account]->Composition and Addressing and de-select "Compose Messages in HTML Format" (This is for Thunderbird 0.7). I don't know why they put it here and not with the rest of the Compose options under Tools->Options. Oh, well.
Re:Importing Favorites. (Score:4, Interesting)
no ability to use the IE method of storing bookmarks and retain compatibility with other parts of the OS that show my bookmarks. Hell, if you want people to migrate, make it easy for their bookmarks!
--
I think this is the big issue here, IE is tied to the OS in many ways and bookmarks are one of them. Its not as easy as simply importing. The replacement browser should provide the neccassary hooks so that the OS can get at the bookmark list and use it as neccassary.
Re:Wonder How Microsoft Will React (Score:5, Informative)
- This has been debated to death by Mozilla fans. Just give it some time, or download another theme.
- Extensions will be included in 1.0, I think. But there's nothing really missing for someone switching from IE; most extensions are icing for power users.
- I find Firefox settings very nice for a beginner/someone switching from IE. If you need to dig into about:config, you're not a stereotypical user.
- Because they are not working right yet. Check bugzilla if you want to know the details.
- This, I agree with. I'd remove all the buttons immediately, but for people coming from IE, it would be useful.
- No idea, I have a keyword ('g') set up for google searching.
- Here, you're just wrong. The installer asks on install if you want to import settings from IE, and I believe there's also a menu item to do it later.
- That's because shift-click saves a page. Try ctrl-click.
- I find it is instantanious on my 900 MHz Athlon, but this depends a lot on your computer. For me, it's the opposite: IE draws the window borders, then sits there for a few seconds before I can do anything with it. And Firefox still speeds up with each release.
In short, you don't sound like a typical user; you're more likely a power user, and as a power user, you're expected to dig for a few options. Otherwise, the options dialog would be too overwhelming.Re:Wonder How Microsoft Will React (Score:5, Insightful)
May I ask why? Your users (family) are obviously telling you something: they don't like your solution. In addition, if you're actually deleting IE (not just removing the icon) you're probably breaking a lot of apps like Norton Antivirus that requires the MSHTML.dll (among others), making things worse.
Always make new software an option, not "trick" the user or remove their old software. Explain the reasons for the change and the benefits of the new software. If they don't find any, obviously your argument doesn't hold as much weight as you thought it would.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
Its fairly simple where the blame lies here. With Microsoft. No matter how you view it, by not providing a patch, they are the ones to blame. If there was a patch avalible, then yes, blame the users.
If its still hard to see, consider this.
Say a car had a problem by which it would be easy to break into even when locked, without any signs of breakin. You would *expect* the manafacture of the car to recall all the cars and fix them. If they didn't then the blame (and possible lawsuits) lie with the manafacture.
Its the same with this instance. You would *expect* Microsoft to release a patch ASAP. They haven't and thus the blame lies with them.
NeoThermic
I thought ZD were MS shills (Score:4, Funny)
If ZDNet is saying to stop using IE things must be bad.
I have tried to depart from IE 2 or 3 times but failed. As soon as I type this message I make the move for good. Hello Mozilla.
Sam
Re:Wonder How Microsoft Will React (Score:5, Insightful)
Who I am beginning to hope will start to react to this kind of thing is our governments. As we depend on the WWW/Internet for so much of our daily lives, I think it's time for a summit to be called about improving the state of "Information Superhighway". This particular highway is beginning to look like one of these roads you hear about in Afghanistan where you can't get from point A to B without something nasty happening.
What we need is a solution to the monoculture of Microsoft and not just another fine (like what recently happened with he EU) that MS will just write off in their next quarterly statement. We need them to skip the fines and simply say: Fix your crappy software or we will shut you down. It will never happen, of course.
Re:Wonder How Microsoft Will React (Score:5, Informative)
That would work, but the article states that there are no patches as of yet for these two secuirty holes...
From the article:
"The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed."
NeoThermic
Re:Wonder How Microsoft Will React (Score:4, Informative)
Not sure what article you are reading (maybe it's changed?).
This one [com.com] (from ZDNET, which is the one linked to in the story) states:
"This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch."
FUD ? (Score:4, Insightful)
I however think that besides nda policy or whatever, they should give the names of the sites that should be avoided for security reason.
I'd personally advise the corporate DNS maintainer to redirect these to somwhere safer.
Don't Forget Opera (Score:5, Informative)
What's it going to take to make people switch? (Score:5, Interesting)
With these unpatched IE flaws in the wild, IE users don't even have to do something silly to get infected. But I suppose you could argue they are already doing something silly!
Re:Education (Score:5, Insightful)
--
Okay, here we go.
First, you need to download a decent web browser. The #1 cause of all that spyware is Internet Explorer allowing websites to automatically install things. (its from all that porn browsing you do.)
Try firefox. Its only 5 megs to download, and its the most simplistic web browser available. You will get no popups. Its very popular, even among non-computer-obsessed folk. My mom uses it.
http://ftp.mozilla.org/pub/mozilla.org/firefox/
Now, I assume you are getting wacky popups and stuff, even when not webbrowsing.
You need to install some spyware killers.
I reccomend Spybot and adaware. These two are will rip through your pc, killing spyware dead. Blam. It may kill some software you like, but its for the better. There will be something out there that can replace anything you have to get rid of. Oh no, no more gator cursors. Whatever. Deal with it, or dont get online ever again.
http://www.safer-networking.org/index.php?page=
http://www.lavasoftusa.com/software/adaw
If those sites arnt working, you can always try "spybot download" and "adaware download" in google.
Then, on top of THOSE. (I know, I know) You need to run a virus scan proggy. Try AVG, its free and better then McAffe
http://www.grisoft.com/us/us_dwnl_free.ph
and last, but almost definitely not least, Windows Update.
Open up IE (you have to use IE for this) and go to www.windowsupdate.com Have MS scan your computer and install all the security stuff. Then reboot. This may take a long, long time, but it is the most crucial step.
comprehensive enough?
--
This could finally be it (Score:5, Insightful)
But as bad as this may be this might also mean that finally more and more people and institutions will come to the conclusion, that a global infastrcuture depending on one product from one company simply isn't the way to go. Especially if this company has such a horrid track record when it comes to security.
Re:This could finally be it (Score:5, Funny)
one thing I never get... (Score:4, Insightful)
What really happens... (Score:5, Informative)
Re:What really happens... (Score:5, Interesting)
This isn't a new technique, I remember the web development agency I worked for a few years back being caught out by a similar effect. A co-worker took some work home with him, and his (unpatched, unfirewalled, broadband-connected) IIS installation was infected. When he synced up with us the next morning, he infected about two hundred websites, some of them were very high profile. Hundreds of thousands of users were exposed.
It was a stupid company, and I was always trying to get them to change policies that let things like this happen. When we started getting phonecalls from clients about this, the owner blamed stupid kids with too much time on their hands, and said we had absolutely nothing to do with it, couldn't be blamed, etc. All our clients fell for it, hook line and sinker. I think the owner had himself convinced by the end of the day (he was the type that refused to accept he was capable of screwing up).
It's a sad state of the industry that we were responsible for infecting thousands of people and we got away with it scot-free.
They won't list the sites (Score:5, Insightful)
"There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions."
The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.
"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
WHY NOT? I've been trying to think of a reason NOT to list the sites infected, but I can't think of a good one. "To prevent further abuse"???? Wouldn't giving the public NOTICE about these sites help prevent more infections by having people NOT go to those sites?
public health comparison? (Score:4, Insightful)
If there was a public health risk - such as biohazardous material - even in a private storefront - the city or state would close off the area and warn people not to go there. Yes, you might have people wanting to go anyway, but they've been warned.
I know the analogy isn't all that great, but it's the best I can do right now.
Re:public health comparison? (Score:4, Insightful)
Because it would make me ANGRY (Score:5, Insightful)
Re:They won't list the sites (Score:5, Insightful)
Nope, I think the real reason is protecting the businesses.
Even if the sites' admins had aleady removed the infecting code, a "dangerous sites" list like that would likely prevent many potential visits to the site for weeks to come.
RTFA "To prevent further abuse" (Score:5, Insightful)
What if it is a Zero day exploit on IIS. There is no fix yet. Admins are struggling to clean the servers, but have no clue if what they did to prevent whatever is going on, actually works. Criminals all over the world will be searching for clues on what the exploit is and will want to actively exploit it as well. We don't know what is going on, so it might be possible to put a nice little rootkit undetectible on the server and later use it for interesting purposes. By not naming the sites they are putting an extra, albeit thin, layer of protection around the sites. The list of websites for criminals to target, will be much longer than it could have been if each and every site that was affected would be named on the internet. Most sites are (hopefully) clean right now, so the public is not at risk, but until we know what goes on, the server sure is.
Security Advisories (Score:5, Informative)
Opera? Firefox? IE.....hell no (Score:5, Interesting)
Hmmm.... (Score:4, Interesting)
Re:Hmmm.... (Score:4, Funny)
"I swear, I never go to those sites, only the major ones."
This just in... (Score:5, Funny)
Ask Microsoft (Score:5, Informative)
Linked to from their home page, has been for quite a few hours. Gives more information, including an inference that the server portion is self propogating, and that (contract to
Hello? Use Firefox! (Score:4, Insightful)
But How Many People Will Switch? (Score:5, Insightful)
He'd rather have me wipe spyware and adware from his machine than deal with it. It's a symptom of having w3schools.com graduates making web sites in Frontpage that only work on front page.
Of course, now IE doesn't work at all, so he runs AOL through his broadband connection to surf the Internet.
And yes, I have since stopped wiping adware/spyware from his machine. I told him if he wasn't going to buy a machine that didn't get the stuff, or use a browser that was secure, he can deal with it himself.
How to kill it (Score:5, Informative)
No security restrictions in IE will stop it.
I caught it here:
http://www.yetanotherhomepage.com/j7xx/j7x
There's a reason that this one isn't a link.
I killed mine like this (Windows 2000):
Delete these:
C:\Winnt\System32\Swin32.dll
C:\Winnt\Sy
C:\Winnt\System32\Trans.exe
And this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wind
[Adstartup] C:\Winnt\System32\Automove.exe
Seek and destroy Swin32.dll in the registry
Take out all of the CLSIDs it occurs in.
Infected ferociously (Score:5, Interesting)
I call bullshit (Score:5, Insightful)
I don't buy it.
If your goal is to have the problem fixed, then name names, contact the affected companies so they can fix it (or have their contracted webmasters fix it) and move on.
The whole thing stinks of FUD tactics, and the last line in the article seals it for me: Puleeeeeze
--
Undisclosed sites? (Score:4, Interesting)
This reeks of criminal negligence IMHO, they know of a crime, and they wont tell how or who will do it to you..
"/Dread"
not detected by AV software? (Score:5, Interesting)
Why isn't spyware classified as viral code? I realize it doesn't spread in the same manner as a virus, but it a) installs itself uninvited b) causes the PC and its software to behave erratically and c) makes my job needlessly more difficult. It bothers me that virus scanners aren't picking up spyware.
Anyway, to bring this back on topic, this situation requires a server side fix. I'm sorry, I can't tell every customer to switch browsers. I can't even get my internal users to switch. Most can't, because of some oddly coded piece of software that only runs in IE. My point is, my boxen might be infected right now. Not caught by AV software, how am I supposed to determine whether this thing lives on my server?
How to tell and Fixes (Score:5, Informative)
The Internet Storm Centre [incidents.org] has good information about what will be on your box if you're already infected. I think they're in \winnt\system32\inetsrv
Sorry about the duped links but more fixes, less FUD please. Yes, evil empire blah blah blah, but how about we tell people how to fix the problem instead?
Liability of sites that recommend IE? (Score:5, Interesting)
Any thoughts from the more legally minded amongst us?
Is it an IE only exploit? (Score:5, Interesting)
My question is, how do we know this is an IE-only problem? I ask this because I have several friends whom I'm trying to convince try an alternative browser for security reasons but I don't want to be that guy we all know who goes off about "IE exploits" that turn out to be nothing of the sort.
Re:Is it an IE only exploit? (Score:5, Informative)
Re:Is it an IE only exploit? (Score:4, Informative)
Another nail in Javascript's coffin (Score:4, Interesting)
It won't be long before Javascript is considered a complete security risk and it's the web developers who are going to suffer. Despite the rantings of sysadmins who don't touch web development it is actually a very useful language to supplement HTML.
Javascript menus and first pass form validation, anyone?
Re:Another nail in Javascript's coffin (Score:4, Interesting)
I've worked in an environment before (a corporate centre for a major UK bank) where javascript was stripped from downloaded web pages at the firewall.
Microsoft's Response (Score:5, Informative)
Can anyone tell me how to develop for Mozilla then (Score:5, Informative)
All it has to do is read in a dictionary file, then catch the 'new page loading' event, perform morphological analysis on the page, and edit the page as it loads to include ruby tags and/or something to display definitions in the toolbar. That's it! It's fairly computationally intensive and sometimes the right html to insert at a given point is a bit of a guessing game, but it's not rocket science. But HOW THE FORK DO I DO IT IN MOZILLA??
PS Yes I have rtfm and no I cannot implement the analysis algorithm usefully in javascript and yes I do have to insert ruby tags, as well as regular javascript that talks back to the plugin, into the page on the fly.
Considering the amount of research that seemed necessary to get it working in the minefield of IE, I expected that I would be quite capable of figuring it out in mozilla, but it just seems to be an order of magnitude harder.
I would be grateful for advice (eg a pointer to a similar project). Or failing that, remarks on the lines of 'if u cant use mozilla u r lame u lame wind0z3 lu20r hehe l8trz' would also be fine.
Re:Can anyone tell me how to develop for Mozilla t (Score:5, Informative)
Basically: create an XPCOM component in C++ (if JavaScript or Python are too slow for you) which performs the computation. Mark your XPCOM interface as scriptable, use the typelib compiler to expose it to javascript then pass in the browser DOM so it can be edited by your component. Then write an extension to catch "page loaded" and pass the DOM to the loaded XPCOM component. I think that should work.
Re:Can anyone tell me how to develop for Mozilla t (Score:5, Informative)
Studying this source might be useful for your own project.
The exploit installs fun stuff (Score:5, Informative)
Seems like a nice keylogger. It also installs another trojan. Virus vendors seem to be getting on the ball. Also the site which distributes the payload is currently dying under the load. The virus is apparently bit too succesful for it's own good.
What about this? (Score:5, Informative)
So any server that allows posting of graphics (eBay, many discussion forums, etc) can be "infected". Even those running Linux. The only solution is to stop using IE and pray that Firefox, Mozilla, Opera, etc. exploits are few and far between. Article on graphics exploit here [eweek.com].
Re:What about this? (Score:4, Informative)
The Google Toolbar & Such (Score:4, Interesting)
Re:The Google Toolbar & Such (Score:4, Informative)
http://googlebar.mozdev.org/
And please name a few sites that only work with IE.
what is it missing? (Re:The Google Toolbar & S (Score:5, Informative)
I can't operate without the google toolbar, which has no complete mozilla equivalent.
Um, what exactly is the mozilla google toolbar (http://googlebar.mozdev.org/ [mozdev.org]) missing that you can't do without?
Remember, it doesn't need popup blocking (Mozilla does that itself).
0-day? (Score:5, Funny)
Keep those 0-day exploits coming, boys.
IE was a great friend... (Score:4, Funny)
Old news (Score:4, Informative)
Mozilla switch starting? (Score:4, Interesting)
Jan: IE 73%, Mozilla 12%
Feb: IE 76%, Mozilla 15%
Mar: IE 75%, Mozilla 16%
Apr: IE 75%, Mozilla 16%
May: IE 71%, Mozilla 19%
Jun: IE 71%, Mozilla 20%
And for some historical reference, in July of 2003 I saw: IE 78%, Mozilla 11%.
Why alternative browsers may not be possible (Score:5, Informative)
I'm not talking simple forms here, this for Foreign Exchange transactions.
Certificates, multiple passwords, encryption...all moot
Re:Why alternative browsers may not be possible (Score:5, Informative)
Sounds like your IT director has done a horrible job and should be fired.
You would have been much better off implementing that stuff in a browser agnostic, standards compliant way, using Java for any heavy lifting required.
NetSec's Houlahan advocated drastic action: (Score:5, Insightful)
Uh, use a different browser...remind me to never buy anything NetSec says (whoever they are)or sells henceforth.
Google provides a nice list of sites (Score:4, Informative)
Mozilla/Firefox issues (Score:4, Interesting)
True this particular exploit didn't affect Mozilla/Firefox, but it is certainly possible that something similar might in the future.
So, with that in mind, what new security features would help make Mozilla/Firefox even safer and better?
These come to my mind:
- A trusted site list to which I can easily add the current site, and indicate whether it can load images, run scripts and/or download applets.
- An option that will pop up a dialog asking for permission if an untrusted site tries to do any of the above.
- Some type of "zone" concept similar to IEs so that internal (company) sites can have more privileges than external sites.
- Capability of central administration and control (in a business setting) so that users can easily be protected from themselves in a business or large network environment.
Thoughts? Can some or all of this be easily implemented as Firefox extensions?If Mozilla/Firefox is clearly a better, more secure solution, it will gain marketshare rapidly.
The solution to every web problem in Windows (Score:5, Informative)
Base: An up to date host file [mvps.org]. This can probably block 95% of web nasties, regardless of source, yet is overlooked by most people.
Second: Proxomitron [proxomitron.info]. The second browser-independent tool, it's a relatively little-known local proxy that filters the crap (including more ads than virtually every other solution) from a webpage before feeding it to your browser. Also handily removes most of the ActiveX and Javascript that causes these exploits. I simply cannot recommend it enough. In addition, it's fully configurable, and there are plenty of people out there who will write custom filters [computercops.biz] to get rid of any sort of ad that slips through.
Third: Firefox [mozilla.org]. I hesitate to suggest Opera because I don't feel it's as high a quality a product, and is closed-source, meaning it could be almost as susceptible to this stuff as Internet Explorer, should the bad guys aim their sights on it.
Fourth: In-browser plugins such as Adblock [mozdev.org], which probably won't do much to stop this particular problem, but are nice to have around regardless.
Re:what sites are infected? (Score:5, Insightful)
Avoid them? Hell, I'd start by blocking them on my web proxy immediately until I get the all clear. We've got thousands of desktop users running IE. This could get nasty.
Re:MSN Search is infected (Score:5, Informative)
AVG free edition [grisoft.com] sygate personal firewall [sygate.com] and Spybot seach and destroy [google.com] (site down) will complete your collection nicely. Might want to have a look at Hijack this [spywareinfo.com] and this tutorial [wizardsofwebsites.com] as well.
Yes, this is a lot of work for the price of keeping windows running. Some people don't have a choice... Me, as soon as my favourite IDE [vim.org] gets ported to Linux, I'll swap ;-)
Seriously though, if there are any other tools you guys use to try and keep windows secure, please share.
Re:Firefox (Score:4, Interesting)