Slashdot Mirror

← Back to Stories (view on slashdot.org)

Corporate Servers Spreading IE Virus [Updated]

Posted by CowboyNeal on from the ill-and-infectious dept.

uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?

3 of 1,028 comments (clear)

  1. damn, am I vulnerable... by SQLz · · Score: 0, Redundant

    Hell no, I use Linux. I don't have MS Office or tons of games but god damn it, I haven't had a virus, spyware, or trojan since I switch.

  2. XP SP2 RC2 by jamesl · · Score: 1, Redundant

    From Microsoft:
    Microsoft
    *Important* Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk.

  3. A shift at the help desk would change your mind... by gumpish · · Score: 0, Redundant

    If you rename and change the icon for mozilla to fool people who only want to use IE into thinking it's IE, then you are lying. If you can't understand the difference between lying and statements that are slighly incorrect when interpreted literally, but have a meaning that is generally understood, then you have serious ethical problems.

    I would gladly engage you in a conversation about what constitutes a lie, however there is a larger point:

    • Clearly you have never had to provide support to the average Internet Explorer user.
    • You are therefore not qualified to make any comments on the techniques employed to switch those users to a less vulnerable product.