Corporate Servers Spreading IE Virus [Updated]

uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?

Re:Security Advisories

[Jarnis]

US-CERT is giving bullshit advice.

Basically they are saying 'this thing uses javascript, so users should disable javascript unless absolutely neccessary'.

Only problem being that I bet lots of the big name sites compromised require javascript.

Depending on what the payload does, this could turn nasty before monday.

0-day exploits in widely used closed source software being exploited for malicious purposes = fun.

Little things

[SeanDuggan]

Honestly, I've not really made the switch myself. The main reason is actually kind of petty, hotkeys. I've become very used to things like shift-clicking a link to bring up extra pages or hitting ctrl-enter after typing in a word to add the http://www. and .com to it. I've been working with IE for long enough that it's second nature to use those keys. Yes, I'm sure that other browsers have ways to do these things, but one gets used to not having to think browsing the web, so learning new keys feels like a fair burden.

My second problem is games. ^_^ I play Robo Runner, an online game similar to Robo Rally. Yes, there are some browser modifications to run this via Mozilla, but it doesn't work straight out of the box, something which is probably even more inexplicable to the average user who never messes with their settings.

Meh, mainly it's laziness. IE works. I haven't had spyware in ages between my anti-virus program and occasionally running Ad-Aware. Probably helps that I (almost) never blindly click yes to dialog boxes which pop up...

what?

[kingstalemuffins]

IE has secuirty holes? Since when?

Re:But How Many People Will Switch?

[stubear]

How about you learn how to use the fucking computer yourself? I've been using Windows since 2.0 and have gone through 3.1 and Windows 95 before switching tracks to NT 4, 2000 and now XP. I haven't gotten a virus on my computer since using Windows 95 and the only reason I got those was by using the computer labs on campus (had to for my animation, digital imaging, and midi classses) and using zips and floppies to transfer data back and forth.

How do I keep my system free from these problems? I run MBSA every now and then, I have Widows download and notify me when updates are ready, I check Windows Update about twice a month as well, I use Norton AntiVirus to scan my system once a week and have LiveUpdate check for and install new updates every day, I have an MN700 Firewall/ Router and I use the Windows Firewall as a back-up and notification utility, and lastly I set IE security properly so as to avoid these problems altogether (goes for Outlook as well).

I am by no means a computer geek, I am simply a graphic designer who relies on my PC to work on a daily basis and so far it has flawlessly. If you don't want to take the time to learn how to use Windows, fine, but don't tell the world that Windows sucks when you simply have no clue what you are talking about. I spend maybe an hour a month on all of this because most of it checks my system in the background without my involvement. If you can't be bothered to spend an hour a month on securing your system then nothing, and I do mean nothing, is going to stop you from getting viruses, trojans, and spyware.

Re:Firefox

[fr0dicus]

You're trolling right? Opera is still 12 months behind IE!

Opera vs Firefox

[prandal]

Every time a new version of Opera comes out, I duly install it on my PC and give it a whirl. And I end up sticking with Firefox.

Opera is ClutterWare. It's user interface sucks big time. And in my testing, it's nowhere near as standards-compliant as Firefox.

Give me lean, clean, amd mean fiery foxes any day.