Don't Visit Websites With Microsoft IE

from the as-if-you-didn't-know-this-was-coming... dept

It really is getting ridiculously dangerous these days for anyone to keep using Microsoft IE. People always talk about the day when scammers will start to use "zero day exploits" to smash through security holes before they're patched, and that's clearly already happening. The latest move, which is fairly advanced (and many assume is being done by organized crime groups in Eastern Europe) is to hack into a variety of popular company websites and install some code to exploit a known IE vulnerability that has not been patched by Microsoft. Once this is done, any IE user visiting any of these websites (which they obviously would assume to be safe based on the companies involved) ends up with some of the most insidious keylogging spyware. The article won't list the companies, but from the descriptions they sound like sites anyone might visit on a regular basis (banks, auction sites and comparison shopping engines). This sounds quite similar to the Interland hack from last year, but could impact many more users.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Justin, 25 Jun 2004 @ 7:02am

    surfers are safe

    According to the original source at Internet Storm Center, there are 2 different infections going on. M$ IIS servers are vulnerable to an exploit that is undetectable by current virus scanners. However, visitors to infected servers are safe, because a separate method of infection is used there: a common JavaScript exploit, and a common trojan horse is downloaded. The trojan horse IS detected by current virus scanners, it's a "known" trojan horse.

    Don't get me wrong, I do use and prefer Firefox. There's just been a lot of misunderstanding about this current development, and only because CNET, Slashdot, Techdirt, aren't reading the Internet Storm Center article carefully.

    reply to this | link to this | view in chronology ]

    • icon
      Mike (profile), 25 Jun 2004 @ 8:36am

      Re: surfers are safe

      The note about AV software blocking this was added later after they were updated... It wasn't an issue of not reading it carefully, but reading it too early.

      reply to this | link to this | view in chronology ]

  • identicon
    dorpus, 25 Jun 2004 @ 8:12am

    What if

    There are even more insidious bugs for non-IE browsers, and no one realized it? Maybe such users start getting mysterious bills from collection agencies, their kids disappear, ....

    reply to this | link to this | view in chronology ]

    • identicon
      thecaptain, 25 Jun 2004 @ 11:57am

      Re: What if

      Well I for one would LOVE to see you back that up...I mean it pays to stay well informed.

      So you got any concrete info to these insidious bugs that we can look up?

      reply to this | link to this | view in chronology ]

      • identicon
        dorpus, 25 Jun 2004 @ 12:28pm

        Re: What if

        I would say you just demonstrated the biggest security flaw of non-IE browsers: its users chauvinistically refuse to believe there can be any security holes.

        But e.g.

        http://www.squarefree.com/burningedge/

        talks about a "firefox security hole", dated June 15th. If these other browsers are so bulletproof, how come they keep coming out with new versions?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jun 2004 @ 4:59pm

          Re: What if

          Yep. The more people switch to other browsers the more those browsers' vulnerabilities are going to be attacked. I wonder how long until IE is the safest browser again because no one attacks it because no one uses anymore it since it's so unsafe.

          reply to this | link to this | view in chronology ]

          • identicon
            Adam, 25 Jun 2004 @ 5:11pm

            Re: What if

            Exactly. Blaming Microsoft for all the world's Internet security problems is fallacious. If Opera was used by 90% of the computers there would be just as many, if not more exploits.

            reply to this | link to this | view in chronology ]

        • identicon
          thecaptain, 25 Jun 2004 @ 7:28pm

          Re: What if

          I'm sorry if you got the wrong impression...but I don't deny or refuse to believe there ARE security holes in Non-IE browsers.

          I just wanted you to back your statement.

          However I DO believe that Mozilla fixes its holes way faster than IE *AND* that on average its holes are way smaller than IE which basically lets everyone run roughshod over the whole OS.

          You will note that the hole I believe you are mentionning isn't Mozilla-only AND that its been fixed already in Firefox.

          Anyway...

          reply to this | link to this | view in chronology ]

  • identicon
    Galley, 26 Jun 2004 @ 7:25am

    ActiveX

    Is any of this stuff done with ActiveX?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.