Don't Visit Websites With Microsoft IE

from the as-if-you-didn't-know-this-was-coming... dept

It really is getting ridiculously dangerous these days for anyone to keep using Microsoft IE. People always talk about the day when scammers will start to use “zero day exploits” to smash through security holes before they’re patched, and that’s clearly already happening. The latest move, which is fairly advanced (and many assume is being done by organized crime groups in Eastern Europe) is to hack into a variety of popular company websites and install some code to exploit a known IE vulnerability that has not been patched by Microsoft. Once this is done, any IE user visiting any of these websites (which they obviously would assume to be safe based on the companies involved) ends up with some of the most insidious keylogging spyware. The article won’t list the companies, but from the descriptions they sound like sites anyone might visit on a regular basis (banks, auction sites and comparison shopping engines). This sounds quite similar to the Interland hack from last year, but could impact many more users.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Don't Visit Websites With Microsoft IE”

Subscribe: RSS Leave a comment
9 Comments
Justin says:

surfers are safe

According to the original source at Internet Storm Center, there are 2 different infections going on. M$ IIS servers are vulnerable to an exploit that is undetectable by current virus scanners. However, visitors to infected servers are safe, because a separate method of infection is used there: a common JavaScript exploit, and a common trojan horse is downloaded. The trojan horse IS detected by current virus scanners, it’s a “known” trojan horse.

Don’t get me wrong, I do use and prefer Firefox. There’s just been a lot of misunderstanding about this current development, and only because CNET, Slashdot, Techdirt, aren’t reading the Internet Storm Center article carefully.

dorpus says:

Re: Re: What if

I would say you just demonstrated the biggest security flaw of non-IE browsers: its users chauvinistically refuse to believe there can be any security holes.

But e.g.

http://www.squarefree.com/burningedge/

talks about a “firefox security hole”, dated June 15th. If these other browsers are so bulletproof, how come they keep coming out with new versions?

thecaptain says:

Re: Re: Re: What if

I’m sorry if you got the wrong impression…but I don’t deny or refuse to believe there ARE security holes in Non-IE browsers.

I just wanted you to back your statement.

However I DO believe that Mozilla fixes its holes way faster than IE *AND* that on average its holes are way smaller than IE which basically lets everyone run roughshod over the whole OS.

You will note that the hole I believe you are mentionning isn’t Mozilla-only AND that its been fixed already in Firefox.

Anyway…

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...