Corporate Servers Spreading IE Virus [Updated]
uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms."
Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox.
Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?
http://www.mozilla.org
You heard the man.
Go get Firefox now!
And I also wonder how many people will actually heed the call and switch their browser.
However, I doubt Microsoft will do anything for at least two months. Hopefully by then a major news source will pick up the story and everyone will hear it.
They don't mention that many names.
I however think that besides NDA policy or whatever, they should give the names of the sites that should be avoided for security reasons.
I'd personally advise the corporate DNS maintainer to redirect these to somewhere safer.
Trolling using another account since 2005.
Opera also offers a very decent alternative to both IE and Mozilla/Firefox.
I spent ages trying to think of sig, but never did
I think I'll just have to be content that great browsers like Firefox are available for me to use, because obviously the masses are never going to be interested.
With these unpatched IE flaws in the wild, IE users don't even have to do something silly to get infected. But I suppose you could argue they are already doing something silly!
Homme petit d'homme petit, s'attend, n'avale
The disaster we all knew was going to happen. Not just some uber1337 script kiddie releasing a buggy worm that crashes the computers it attacks but organized crime attacking the net infrastructure.
But as bad as this may be, this might also mean that finally more and more people and institutions will come to the conclusion that a global infrastructure depending on one product from one company simply isn't the way to go. Especially if this company has such a horrid track record when it comes to security.
...that enough people buy spam goods to pay for organized crime.
Since the article is very vague, what happens is that once they compromise the IIS server, they modify each site on the server to write a document footer to every page. The document footer calls a DLL placed in the %windir%\system32 directory. The DLL writes a line of JavaScript to each page which redirects the user to a remote server to download the malicious code.
This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.
"There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions."
The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.
"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
WHY NOT? I've been trying to think of a reason NOT to list the sites infected, but I can't think of a good one. "To prevent further abuse"???? Wouldn't giving the public NOTICE about these sites help prevent more infections by having people NOT go to those sites?
creation science book
US-CERT and Internet Storm Center. Less talk, more information.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
I know it's not fashionable around these parts, being closed source, but Opera (www.opera.com) really is the bee's knees. On my machine it renders faster, everything is snappier than mozilla/firefox and has more features than you can shake Darl Mcbride at. It's not free, true, but costs about the same as a pop-up blocker for Internal Exploder. Plus, Opera's built-in mail client is wonderful. Not that I'm badmouthing firefox, I have that too, I just like Opera even better.
I've always wondered how my coworkers who "only" go to major sites like Yahoo and Ebay, pick up all sorts of spyware and adware.
It has just been brought to our attention at the root of the problem this site
flinging poop since 1969
Any word on whether or not hotmail is infected? That could be ugly.
The MSN search engine is infected.
You can download the trojan from here:
http://search.msn.com/msits.exe
all I get is a zero sized file..
http://www.microsoft.com/security/incident/download_ject.mspx
Linked to from their home page, has been for quite a few hours. Gives more information, including an inference that the server portion is self propagating, and that (contrary to /.) that a patched PC is safe.
Read reviews of shopping cart software
Christ man, how many times do people have to be told to use Firefox or another alternative, more secure browser? IE's browser development efforts have been long gone, and it shows in both features/functionality as well as security.
He'd rather have me wipe spyware and adware from his machine than deal with it. It's a symptom of having w3schools.com graduates making web sites in Frontpage that only work on front page.
Of course, now IE doesn't work at all, so he runs AOL through his broadband connection to surf the Internet.
And yes, I have since stopped wiping adware/spyware from his machine. I told him if he wasn't going to buy a machine that didn't get the stuff, or use a browser that was secure, he can deal with it himself.
I'm in the hole of the broadband donut.
I think this is the one I caught at work.
No security restrictions in IE will stop it.
I caught it here:
http://www.yetanotherhomepage.com/j7xx/j7xx.html
There's a reason that this one isn't a link. ;)
I killed mine like this (Windows 2000):
Delete these:
C:\Winnt\System32\Swin32.dll
C:\Winnt\System32\Automove.exe
C:\Winnt\System32\Trans.exe
And this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Adstartup] C:\Winnt\System32\Automove.exe
Seek and destroy Swin32.dll in the registry
Take out all of the CLSIDs it occurs in.
It's never too late to have a happy childhood.
Replying to my own post: :)
:)
If there was a public health risk - such as biohazardous material - even in a private storefront - the city or state would close off the area and warn people not to go there. Yes, you might have people wanting to go anyway, but they've been warned.
I know the analogy isn't all that great, but it's the best I can do right now.
creation science book
I was wondering where I got this from. I spent 4 hours removing Malware from my computer the other day. Since I don't tend to visit pr0n sites at work, I had no idea how I was so badly infected until now... Ad-aware, spybot, and Nortons did not find the evil software. My process list was filled with MANY unkillable processes with random names. Every time I killed one, it would start again with a new name. I found the executables on my drive and deleted them, they would RE-CREATE themselves!! Also, it looked like one of the installed viruses(?) would download new Malware! I was wondering, is this a virus? is it spyware? It was hard to classify as far as I could tell and it SUCKED.
Word to me.
I don't buy it.
If your goal is to have the problem fixed, then name names, contact the affected companies so they can fix it (or have their contracted webmasters fix it) and move on.
The whole thing stinks of FUD tactics, and the last line in the article seals it for me: Puleeeeeze
--
In the future, people will just "firewall" off offending countries until they start policing and clean up their act. Sort of like UN sanctions but online :)
;P
Besides... AKs aren't allowed over here
WTF is that? So it can infect the rest of the world?
This reeks of criminal negligence IMHO, they know of a crime, and they won't tell how or who will do it to you..
"/Dread"
This "virus" is not detected by antivirus software, according to the article. Does anyone know why? I run eTrust on my IIS boxen. (yes, I have a few, no I didn't put them there, no, they shouldn't be there, but our dev team wants ASP) Etrust is a fine product, but supposedly this offending code isn't detected. That bothers me a little, but this leads to another question.
Why isn't spyware classified as viral code? I realize it doesn't spread in the same manner as a virus, but it a) installs itself uninvited b) causes the PC and its software to behave erratically and c) makes my job needlessly more difficult. It bothers me that virus scanners aren't picking up spyware.
Anyway, to bring this back on topic, this situation requires a server side fix. I'm sorry, I can't tell every customer to switch browsers. I can't even get my internal users to switch. Most can't, because of some oddly coded piece of software that only runs in IE. My point is, my boxen might be infected right now. Not caught by AV software, how am I supposed to determine whether this thing lives on my server?
There is no reasonable defense against an idiot with an agenda
:wq
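For the question above of how to tell whether a server is serving the injected document footer described earlier in the thread, here is an added Python example (not from any poster, Microsoft or the Internet Storm Center) that compares a page as stored on disk with the same page as served and flags script appended after it. It assumes the footer is added by the web server at response time so the files on disk are unchanged; the sample pages, the function names and the footer.example.invalid host are all constructed for illustration.

```python
import re

SCRIPT_TAG = re.compile(rb"<script\b", re.I)
# Heuristic: absolute or protocol-relative references to another host.
REMOTE_REF = re.compile(rb"(?:https?:)?//[a-z0-9.-]+", re.I)
HTML_END = re.compile(rb"</html\s*>", re.I)


def normalize(body: bytes) -> bytes:
    """Ignore CRLF/LF and edge-whitespace differences between disk and wire."""
    return body.replace(b"\r\n", b"\n").strip()


def appended_suffix(disk: bytes, served: bytes):
    """Return what the server added after the on-disk content.

    Returns None when the served body does not begin with the disk content
    (a dynamic page, or a change somewhere other than the end).
    """
    d, s = normalize(disk), normalize(served)
    if not s.startswith(d):
        return None
    return s[len(d):].strip()


def trailing_after_html(served: bytes) -> bytes:
    """Bytes after the last </html>; usable when no disk copy is available."""
    matches = list(HTML_END.finditer(served))
    return served[matches[-1].end():].strip() if matches else b""


def classify(disk: bytes, served: bytes) -> dict:
    """Verdict is one of: clean, footer, script-footer, differs."""
    suffix = appended_suffix(disk, served)
    if suffix is None:
        return {"verdict": "differs", "suffix": b"", "remote": []}
    if not suffix:
        return {"verdict": "clean", "suffix": b"", "remote": []}
    remote = sorted({m.group().decode("ascii") for m in REMOTE_REF.finditer(suffix)})
    verdict = "script-footer" if SCRIPT_TAG.search(suffix) else "footer"
    return {"verdict": verdict, "suffix": suffix, "remote": remote}


# --- Constructed sample data (not captured from any real server) ---
DISK = b"<html>\n<body><h1>Rates</h1></body>\n</html>\n"
SERVED_CLEAN = DISK.replace(b"\n", b"\r\n")            # same page, CRLF on the wire
SERVED_FOOTER = SERVED_CLEAN + (
    b'<script src="http://footer.example.invalid/a.js"></script>\r\n'
)
SERVED_COMMENT = DISK + b"<!-- node 3 -->\n"            # harmless server footer
SERVED_EDITED = DISK.replace(b"Rates", b"Prices")       # body changed, not appended

if __name__ == "__main__":
    for name, served in [
        ("clean", SERVED_CLEAN),
        ("script footer", SERVED_FOOTER),
        ("comment footer", SERVED_COMMENT),
        ("edited body", SERVED_EDITED),
    ]:
        result = classify(DISK, served)
        print(f"{name:15} -> {result['verdict']:13} remote={result['remote']}")
```

A "script-footer" verdict on a static page means the server configuration and its system directories need inspecting, not the page file itself.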
So many places say "this site best when viewed with IE." IANAL, but it seems irresponsible for a site to recommend IE, especially if site handles sensitive materials such as financial services or downloadable software. If IE includes known vulnerabilities, can sites be held liable for making that recommendation?
Any thoughts from the more legally minded amongst us?
Two wrongs don't make a right, but three lefts do.
The original post mentions a "combination of two unpatched IE security holes", but both the US-CERT and Internet Storm Center only mention javascript and not a specific browser as being able to be compromised by the infected IIS servers.
My question is, how do we know this is an IE-only problem? I ask this because I have several friends whom I'm trying to convince try an alternative browser for security reasons but I don't want to be that guy we all know who goes off about "IE exploits" that turn out to be nothing of the sort.
It won't be long before Javascript is considered a complete security risk and it's the web developers who are going to suffer. Despite the rantings of sysadmins who don't touch web development it is actually a very useful language to supplement HTML.
Javascript menus and first pass form validation, anyone?
Avoid them? Hell, I'd start by blocking them on my web proxy immediately until I get the all clear. We've got thousands of desktop users running IE. This could get nasty.
What You Should Know About Download.Ject
Corporations
Home users
And make sure IIS dudes apply all former patches!
...that my mother has been running Gentoo on her desktop machine for three weeks now.
Just yet another "security" problem that I won't have to care about. Ahhhh.
Help more people switch to mozilla/firefox. Mozilla hacker Blake Ross has started a weekly brainstorming effort for firefox marketing ideas on his weblog. Go thither and chime in. I just did.
I have thought for years that Ziff-Davis were Microsoft Shills. [I don't mean all MS software is bad, I just mean Ziff-Davis seemed impervious to facts in their reviews]
If ZDNet is saying to stop using IE things must be bad.
I have tried to depart from IE 2 or 3 times but failed. As soon as I type this message I make the move for good. Hello Mozilla.
Sam
blog.sam.liddicott.com
...the uneducated user. Let's face it: the internet has been sold as this great tool and all you need to get on it is a PC and a phone line, cable, or whatever. If you preach the need for basic education, you are some kind of geek (how often have you heard, "I don't want to know all that, I just want to get online!") and if you make even the slightest suggestion that some people just don't belong online due to their own lack of common sense, you are some kind of elitist (try telling people to use the BCC option of their e-mail client instead of CC'ing everyone in their address book and see what kind of reaction you get). As a previous poster said, it is, once again, unpatched systems that are causing the problem. And here's the chorus now, "I didn't know! No one told me! It's not my fault!" And we, of course, will pick up the pieces.
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
This is nonsense, their search engine will return a zero byte file if the URL ends in .exe instead of a 404 page. I have no idea why.
Try:
http://search.msn.com/blah.exe
The MSN search engine is infected.
You can download the trojan from here:
http://search.msn.com/msits.exe
There is no file there
Maybe someone at MSN Search reads slashdot?
Hello? If you're reading this Mr MSN Search, you might like to check out this cool site.
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
I really wish I could switch to Mozilla (ok, Firefox). My co-workers are switching to Firefox. My users are switching to firefox. But I can't, because I have no idea how to implement my pet project as a mozilla-type plugin.
All it has to do is read in a dictionary file, then catch the 'new page loading' event, perform morphological analysis on the page, and edit the page as it loads to include ruby tags and/or something to display definitions in the toolbar. That's it! It's fairly computationally intensive and sometimes the right html to insert at a given point is a bit of a guessing game, but it's not rocket science. But HOW THE FORK DO I DO IT IN MOZILLA??
PS Yes I have rtfm and no I cannot implement the analysis algorithm usefully in javascript and yes I do have to insert ruby tags, as well as regular javascript that talks back to the plugin, into the page on the fly.
Considering the amount of research that seemed necessary to get it working in the minefield of IE, I expected that I would be quite capable of figuring it out in mozilla, but it just seems to be an order of magnitude harder.
I would be grateful for advice (eg a pointer to a similar project). Or failing that, remarks on the lines of 'if u cant use mozilla u r lame u lame wind0z3 lu20r hehe l8trz' would also be fine.
Whence? Hence. Whither? Thither.
A Google search for 'msits.exe' turns up a tonne of links, including several mentioning 'http://www.008k.com//f//22776/msits.exe'.
:-)
There's what looks like a valid 6.5kB EXE there - might this be a copy? For forensic purposes only, mind.
Tedious Bloggy Stuff - hooray?
I was infected by stratics.com They use a third party pop up ad services and one of the ads is what installed the malware. It installed Lycos and STI on my machine, plus other junk.
It ended up embedding itself everywhere in my registry. After an hour of deleting all registry entries and even uninstalling IE6 and then reinstalling it, My search section of IE was still Lycos and banner ads would show up in it.
The only option i had left was to format and reinstall micosux windcrap.
...is if they infect the Windows Update servers. You go there to fix the vulnerabilities in IE and *BAM* you're infected with the same vulnerabilities you're trying to fix.
Another thought - if any bank or institution that you use is running IIS, write them and ask them to certify that they are not infected. Let them know that if they do not guarantee that their servers are not compromised by this exploit, you will be transferring your account to an institution which uses servers that don't have such an abysmal security record.
http://www.f-secure.com/v-descs/padodorw.shtml
Seems like a nice keylogger. It also installs another trojan. Virus vendors seem to be getting on the ball. Also the site which distributes the payload is currently dying under the load. The virus is apparently a bit too successful for its own good.
There's apparently a newly discovered exploit in IE that can compromise an IE user's machine THROUGH AN IMAGE ON A WEB PAGE.
So any server that allows posting of graphics (eBay, many discussion forums, etc) can be "infected". Even those running Linux. The only solution is to stop using IE and pray that Firefox, Mozilla, Opera, etc. exploits are few and far between. Article on graphics exploit here.
First off, I note that this uses vulnerabilities in two of my most favorite pieces of software; IIS and IE. Two of the most security-hole laden software that Microsoft has ever released. Is anyone here really surprised?
Secondly, this puts the lie to the most common Microsoft trolls here every time a new virus/trojan outbreak occurs:
1. Viruses are spread by clueless lusers that click on e-mail attachments. No luser interaction seems to be needed here, just browse on by your favorite corporate web-site!
2. If everyone kept their systems patched, there would be no way that viruses like this could spread. Microsoft has known about the IE vulnerabilities used in this case for months now and still hasn't released a patch! To be fair, the article also says that Researchers believe that attackers [may] seed the Web sites with malicious code by breaking into unsecured servers, so an IIS vulnerability that has previously been patched might be part of the problem here, but that still leaves no excuse for the unpatched IE vulnerability!
3. Virus writers always use disclosed patch descriptions to determine how to write new viruses; none of them are capable of finding and exploiting vulnerabilities on their own. Note that the article says this may be spread by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS).
4. Up-to-date anti-virus software is sufficient to stop these exploits. The article says: the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software.
Nothing else needs to be said.
I can't operate without the google toolbar, which has no complete mozilla equivalent. There are many sites which people can't do without which use Internet Explorer. Many tools that work only with the browser. Apart from that, Firefox is the ideal browser at the moment.
___
internet, productivity blog
Ok, the article states: To prevent further abuse, the list is not published. The exploit is server side, not client side according to reports. Admins of the servers must have been warned and hopefully have cleaned the server already by now. So the public at large is not under threat from their high-profile site. Then not publishing the list is logical under the following reasoning.
What if it is a Zero day exploit on IIS. There is no fix yet. Admins are struggling to clean the servers, but have no clue if what they did to prevent whatever is going on, actually works. Criminals all over the world will be searching for clues on what the exploit is and will want to actively exploit it as well. We don't know what is going on, so it might be possible to put a nice little rootkit undetectable on the server and later use it for interesting purposes. By not naming the sites they are putting an extra, albeit thin, layer of protection around the sites. The list of websites for criminals to target, will be much longer than it could have been if each and every site that was affected would be named on the internet. Most sites are (hopefully) clean right now, so the public is not at risk, but until we know what goes on, the server sure is.
Use Adsense for Charity
I wonder if they would agree to do the same with those infected servers, spreading IE virus.
Not to mention that most of those servers shall be Windows NT and 2000
The Internet Storm Centre has good information about what will be on your box if you're already infected. I think they're in \winnt\system32\inetsrv
Sorry about the duped links but more fixes, less FUD please. Yes, evil empire blah blah blah, but how about we tell people how to fix the problem instead?
You got it. Feel free to distribute this email widely. Use it as much as you want. You don't even have to give me credit. :)
--
Okay, here we go.
First, you need to download a decent web browser. The #1 cause of all that spyware is Internet Explorer allowing websites to automatically install things. (It's from all that porn browsing you do.)
Try firefox. It's only 5 megs to download, and it's the most simplistic web browser available. You will get no popups. It's very popular, even among non-computer-obsessed folk. My mom uses it.
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.9/FirefoxSetup-0.9.exe
Now, I assume you are getting wacky popups and stuff, even when not webbrowsing.
You need to install some spyware killers.
I recommend Spybot and adaware. These two will rip through your pc, killing spyware dead. Blam. It may kill some software you like, but it's for the better. There will be something out there that can replace anything you have to get rid of. Oh no, no more gator cursors. Whatever. Deal with it, or don't get online ever again.
http://www.safer-networking.org/index.php?page=mirrors - for spybot. VERY high traffic here, so be warned.
http://www.lavasoftusa.com/software/adaware/ for adaware.
If those sites aren't working, you can always try "spybot download" and "adaware download" in google.
Then, on top of THOSE. (I know, I know) You need to run a virus scan proggy. Try AVG, it's free and better than McAfee.
http://www.grisoft.com/us/us_dwnl_free.php
and last, but almost definitely not least, Windows Update.
Open up IE (you have to use IE for this) and go to www.windowsupdate.com Have MS scan your computer and install all the security stuff. Then reboot. This may take a long, long time, but it is the most crucial step.
comprehensive enough?
--
no
AVG free edition, sygate personal firewall and Spybot search and destroy (site down) will complete your collection nicely. Might want to have a look at Hijack this and this tutorial as well.
Yes, this is a lot of work for the price of keeping windows running. Some people don't have a choice... Me, as soon as my favourite IDE gets ported to Linux, I'll swap ;-)
Seriously though, if there are any other tools you guys use to try and keep windows secure, please share.
It does say a patched PC is safe, but you need Windows XP Service Pack 2 RC2 in order to be safe.
However, it does say that Windows 2000 Servers with IIS 5.0 without an already released patch are the infecting machines.
Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.
I can't help but chuckle every time these come out because all I hear in my head is the line,"All viruses are created after the exploit has been announced."
Keep those 0-day exploits coming, boys.
+++ATHZ 99:5:80
as I quietly tap the nails of the coffin.
-
Importing Favorites is easy.
;)
Either let it import them during installation (it will prompt you), or go to the File menu and click on Import...
I'll assume you're having just a bad day.
My problem is finding "Compose ONLY in plain text" in Thunderbird. If it's there, I can't find it.
It's never too late to have a happy childhood.
They won't mention the names of the sites in the article to prevent further abuse of the exploit or some such, but what are we to do to avoid the exploit if we don't know which sites are infected already?
What good is publicly acknowledging that there are some major sites that are infected if they won't tell us which? Are they worried about the large sites' reputations? What about all the users that are going to be infected because they weren't made aware of which sites to avoid with IE?
I'm on a company system and don't have privileges to install Firefox, and I doubt I'm the only one.
Honestly, I've not really made the switch myself. The main reason is actually kind of petty, hotkeys. I've become very used to things like shift-clicking a link to bring up extra pages or hitting ctrl-enter after typing in a word to add the http://www. and .com to it. I've been working with IE for long enough that it's second nature to use those keys. Yes, I'm sure that other browsers have ways to do these things, but one gets used to not having to think browsing the web, so learning new keys feels like a fair burden.
I won't comment on your other problems with switching. But you could at least try these things with FireFox. As it turns out both of those hotkeys do exactly the same thing as IE under FireFox. Just tried it with 0.9.
This is just generic, I don't know your family situation exactly, but for what it's worth, the advice is to stop fixing their computers and let them drag the boxes to the shop and pay for it to be cleaned. I'd say in a business situation the same thing if that applies to anyone else. The concept is stolen from the way the experts advise to deal with a family member who is an addict to booze or drugs, called "tough love". Right now you are acting like an "enabler" by fixing it when it gets hosed, leaving them with the impression that "it's not that bad", when it really IS that bad, they can't see or admit to the elephant in the living room, so just stop being an enabler.
Non-IE users *ARE* safe. The redirect might work, but that's irrelevant since the payload in the (now-offline, totally overloaded server) does not load up unless you are using IE. It actually served multiple payloads, and one of those abused yet-unpatched IE hole.
So mozilla etc are still safe.
Surely it has got to be:
"FireBillGates"
1. His wife might not understand computers, so he has to explain it simply.
2. His wife might use IE, and since HE'S AT WORK, he can't go home to switch it for her.
3. He probably doesn't have time to walk her through it, because she's clueless.
4. He probably knows his bank is running on Apache and is therefore immune to this attack.
Looking at the stats on my web site, which receives over 1000 unique visitors/day on average (and almost all of them are Windows users because I distribute Windows software)... here are this year's proportions:
Jan: IE 73%, Mozilla 12%
Feb: IE 76%, Mozilla 15%
Mar: IE 75%, Mozilla 16%
Apr: IE 75%, Mozilla 16%
May: IE 71%, Mozilla 19%
Jun: IE 71%, Mozilla 20%
And for some historical reference, in July of 2003 I saw: IE 78%, Mozilla 11%.
I work at a bank. A lot of the applications used internally are web apps that require IE... Mozilla/Opera aren't an option because those apps require MSJVM (Microsoft Virtual Machine - no joke), Active X or other proprietary MS technology.
I'm not talking simple forms here, this for Foreign Exchange transactions.
Certificates, multiple passwords, encryption...all moot
ctrl+enter works in firefox. install mouse gestures, and you'll have 10x more functionality than you had with hotkeys. need a new page? middle-click! you can keep IE around for the occasional game, but believe me when i tell you that its worth it to switch.
Gentlemen, you can't fight in here! This is the War Room!
To pay my cable bill online. They don't have the site setup to correctly identify Mozilla. It thinks it's an old version of Netscape. Haven't tried it with Firefox yet, come to think of it... I don't use Composer or Mail and News, so I could definitely make the switch from Mozilla 1.7 to Firefox.
It's a perfect time for being wasted.
A perfect time to watch the stars.
- Burden Brothers, "Beautiful Night"
IE works.
Well, the fact that you can become infected with a trojan simply by VISITING a web site, with no user interaction at all required, tells me that NO, IE does NOT work.
But that's just a reflection of my personal criteria for whether or not something works.
2. Go to Control Panel | Internet Options | Advanced | Multimedia, and uncheck "Show pictures". (FDA warning: I have not verified that this setting prevents this image exploit from infecting your system, since I don't know of any infected servers. But it will at least force you to use the alternate browser we installed in Step 1.)
3. Switch to the Security tab, and move Internet into "high". This will disable most forms of scripting. However, It also disables the Windows Update site. You can add windowsupdate.microsoft.com to a list of trusted sites (it will give you the instructions when you try to visit it in this mode), but I'd be very careful with that, since I do not doubt that the Windows Update site is very high on the crackers' lists of sites to infect. (Wouldn't that be ironic?)
FWIW, I don't know whether setting Internet zone security to "High" disables the automatic Windows update feature or not. I'll tell you as soon as there's a critical update to be notified of.
"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.
Uh, use a different browser...remind me to never buy anything NetSec says (whoever they are) or sells henceforth.
Basically: create an XPCOM component in C++ (if JavaScript or Python are too slow for you) which performs the computation. Mark your XPCOM interface as scriptable, use the typelib compiler to expose it to javascript then pass in the browser DOM so it can be edited by your component. Then write an extension to catch "page loaded" and pass the DOM to the loaded XPCOM component. I think that should work.
...if you want to be able to browse safely on the Internet.
That's the advice I give to my friends after I saw this page:
http://web.archive.org/web/20030603192725/http://www.pivx.com/larholm/unpatched/
(too bad that page now no longer hosts that information :( )
There are more holes in IE than a piece of Swiss cheese, and Microsoft doesn't seem to be concerned if that will cause you to be accused of collecting child porn.
Full details of securing a Windows workstation can be read here. HTH.
http://www.google.com/search?q=%22217.107.218.147%22&hl=en&lr=&ie=UTF-8&start=20&sa=N&filter=0
Personally I'd rather know the list so I don't get infected, but then again I use netscape so....
Believe me, if I started murdering people, there would be none of you left.
Maybe it's not what you want, but a similar plugin already exists: http://moji.mozdev.org/
Studying this source might be useful for your own project.
I can't operate without the google toolbar, which has no complete mozilla equivalent.
Um, what exactly is the mozilla google toolbar (http://googlebar.mozdev.org/) missing that you can't do without?
Remember, it doesn't need popup blocking (Mozilla does that itself).
True this particular exploit didn't affect Mozilla/Firefox, but it is certainly possible that something similar might in the future.
So, with that in mind, what new security features would help make Mozilla/Firefox even safer and better?
These come to my mind:
- A trusted site list to which I can easily add the current site, and indicate whether it can load images, run scripts and/or download applets.
- An option that will pop up a dialog asking for permission if an untrusted site tries to do any of the above.
- Some type of "zone" concept similar to IE's so that internal (company) sites can have more privileges than external sites.
- Capability of central administration and control (in a business setting) so that users can easily be protected from themselves in a business or large network environment.
Thoughts? Can some or all of this be easily implemented as Firefox extensions? If Mozilla/Firefox is clearly a better, more secure solution, it will gain marketshare rapidly.
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
See also XHTML Ruby support
that the page for reading the responses included a large banner ad for Microsoft that claimed they take your security seriously and saying, "visit microsoft.com/it/security/IT today."
No one ever had to evacuate a city because the solar panels broke!
Microsoft just isn't ready for the Enterprise. Perhaps in a few years. Plus there are all those nasty rumours about stealing the TCP/IP stack from BSD.
Base: An up to date host file. This can probably block 95% of web nasties, regardless of source, yet is overlooked by most people.
Second: Proxomitron. The second browser-independent tool, it's a relatively little-known local proxy that filters the crap (including more ads than virtually every other solution) from a webpage before feeding it to your browser. Also handily removes most of the ActiveX and Javascript that causes these exploits. I simply cannot recommend it enough. In addition, it's fully configurable, and there are plenty of people out there who will write custom filters to get rid of any sort of ad that slips through.
Third: Firefox. I hesitate to suggest Opera because I don't feel it's as high a quality a product, and is closed-source, meaning it could be almost as susceptible to this stuff as Internet Explorer, should the bad guys aim their sights on it.
Fourth: In-browser plugins such as Adblock, which probably won't do much to stop this particular problem, but are nice to have around regardless.
Better and more widespread use of https, and have a way so that pages must be validated quickly and automatically, perhaps even with a md5 checksum type arrangement as a backup, before they can be downloaded and displayed.
That and just a complete rethink of OS and browsers and "the internet". For another example for another problem, I'd like to see a totally non-commercial email system, no commercial email used in it whatsoever, and your email addy was treated as importantly as your physical address at your home, or like your telco number. You'd have an option, email like it is now, or be inside a commercial free and registered email system that cost folding money per year per email addy and refused any email into it from outside, or any email to leave the system. A large but closed system where every email addy was tied to a real human being with a real name with a real IP for verification. You could still try to use the wild wild west anarchy chaos email system we have now, but also opt in to the closed, verified and much more secure and hassle free email system.
Same thing with the net, anarchy and chaos with hacks, attacks and bogusness, or only visit sites that are verified and secure and conformed to some decent standards that have those issues as of paramount importance, as opposed to blinkenlights eye candy insecure.
I tell you, I just detest that I even have to run javascript to view some pages, I usually skip them. I'm not running an active x machine, but I feel the same way about that too, it's useful, but so easily used for bogusness that it's rapidly lost any universal advantage, IMO.
As to moz and firefox, I don't know on firefox but I don't see a way to disallow small invisible webbugs on moz. That would help. Maybe it's there and I just don't see it though, could just be me I admit, all I see is deny by domain. I want deny for a variety of reasons, size and visibility being a big one. Or conversely, just the ability to choose a single image to view, select it, the page doesn't jump away to refresh the whole deal just that particular image loads. And no downloading images in general but failing to display, I mean it can see an object and only allow it to be downloaded on a case by case basis if you choose that option. Nowadays when you click on an URL you have no idea what you will be downloading unless you view source in advance, which is nuts.
Cool Web Search is also a trojan gained from various web sites that exploits problems with ActiveX and MS JVM. It's a total pain in the ass to remove, or even discover what version of it you have since neither Spybot nor Adaware clears all versions off.
Remember: All a user has to do is surf to one of these scumbag sites (by accident or on purpose) with their freshly, fully patched IE and... BOOM!
"Did you know that your computer may be infected with SPYWARE?!" - Actual quote from these scumbags.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Right on the "What you should know" page, prominently indicated, it says:
"Important: Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk."
Flout 'em and scout 'em,
and scout 'em and flout 'em;
Thought is free. - Shakespeare [The Tempest]
long time ago I used to help people fix their cars for free when I had some spare time. One lady I did a complete 4 wheel brake job for. Couple weeks later she comes back to me mad as a wet hen because her engine didn't run well, it had developed a carb problem and it was "all my fault because it ran fine before I worked on it". It didn't matter to her that the brakes got zero to do with it, it was still my fault to her way of thinking.
I do NOT fix people's cars now, or even offer advice beyond telling them (anyone, this is true facts now) to just buy older cars without ridiculous computer crap on them and just replace the engine or transmission or whatever when it gets completely worn out. Much cheaper and better for them and less hassle for me.
Their web server is probably running the executable and returning its output. If there's no output, you would get back a 0 byte file. If the file in question is a virus, this could be interesting.
For every post, there is an equal and opposite re-post.
Mozilla Backup is what you need. It can be used to easily transfer a profile from one machine to another. (Supports Firefox, Thunderbird, and Mozilla)
This news has now made front page at news.bbc.co.uk under the heading "People urged to avoid Internet Explorer until Microsoft fixes a serious security hole."
LISTEN UP Mozilla/Firefox/Opera people. Get your marketing divisions off their asses. You will most likely NEVER EVER get another chance like this. If you don't do something now, before MS responds, you deserve to stay marginalised to the end of time.
/. Where the truth
You could have said it in a more straightforward way: "I'm a lazy careless IE-lovin' doofus" works.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
What are you doing?
In this post you say that the last one of your links given above is infected. Now you give it as a regular link without any warning of infection?
http://www.google.com/search?q=%22217.107.218.147% 22&hl=en&lr=&ie=UTF-8&start=20&sa=N&filter =0
/. puts spaces in long urls...
Because
In Firefox, not only does Ctrl + Enter add the 'www' and 'com', but Shift + Enter adds 'www' and 'net' and Ctrl + Shift + Enter adds 'www' and 'org'. You really should give it a try.
regedit.exe
Open HKEY_CLASSES_ROOT\http\shell\open
Remove the "ddeexec" subkey (subfolder).
Go into the "command" subkey (subfolder).
Change the (Default) string to this value:
"C:\path\to\mozilla.exe" -nosplash -url "%1"
Make sure to use the full path to mozilla or firefox. Also, keep the quotes.
To test, go to the run menu and type in an http:// URL. It should pop up a new mozilla window to the webpage.
Do the same thing for HKEY_CLASSES_ROOT\https and HKEY_CLASSES_ROOT\ftp to get the HTTPS and FTP protocol handlers as well.
Mail (mailto: links) is a little trickier. Use this guide for assistance.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
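The registry steps in the post above, written out as a PowerShell function. This is an added example, not part of the original post; the function name and the `-Apply` switch are made up for illustration, and `C:\path\to\mozilla.exe` is the post's own placeholder path. Without `-Apply` it only reports what each protocol handler currently points to.

```powershell
# Added example, not part of the original post.
# Set-BrowserProtocolHandler and -Apply are hypothetical names chosen here.
function Set-BrowserProtocolHandler {
    param(
        [Parameter(Mandatory)][string]$BrowserPath,   # full path to mozilla.exe or firefox.exe
        [string[]]$Protocol = @('http', 'https', 'ftp'),
        [switch]$Apply                                # without -Apply nothing is changed
    )

    # The post says to use the full path; refuse to write a handler that cannot start.
    if (-not (Test-Path -LiteralPath $BrowserPath -PathType Leaf)) {
        throw "Browser executable not found: $BrowserPath"
    }
    # Same string as in the post, quotes included.
    $wanted = '"{0}" -nosplash -url "%1"' -f $BrowserPath

    foreach ($p in $Protocol) {
        $open   = "Registry::HKEY_CLASSES_ROOT\$p\shell\open"
        $cmdKey = "$open\command"
        $ddeKey = "$open\ddeexec"

        if (-not (Test-Path -LiteralPath $cmdKey)) {
            Write-Warning "$p : no shell\open\command key, skipping"
            continue
        }

        if ($Apply) {
            # Step 1: remove the ddeexec subkey. Step 2: set the (Default) string.
            if (Test-Path -LiteralPath $ddeKey) {
                Remove-Item -LiteralPath $ddeKey -Recurse
            }
            Set-ItemProperty -LiteralPath $cmdKey -Name '(Default)' -Value $wanted
        }

        # Read the state back so the result reflects what is actually in the registry.
        $current = (Get-Item -LiteralPath $cmdKey).GetValue('')
        [pscustomobject]@{
            Protocol = $p
            Command  = $current
            DdeExec  = (Test-Path -LiteralPath $ddeKey)
            Matches  = ($current -eq $wanted)
        }
    }
}

# Report only, then apply (writes under HKEY_CLASSES_ROOT need an elevated session):
# Set-BrowserProtocolHandler -BrowserPath 'C:\path\to\mozilla.exe'
# Set-BrowserProtocolHandler -BrowserPath 'C:\path\to\mozilla.exe' -Apply
```

Windows versions released after this post select the default browser through per-user settings, so a change under HKEY_CLASSES_ROOT may not be what decides which browser opens a link there.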
Considering that SANS says that they have reports from admins who have been attacked that the systems are fully patched, it would make me think that this advice is a bit unfounded in this situation.
Maybe it should be Microsoft please write patches for known exploits in less than two months. Since these IE exploits have been out since April and the IIS problem is now a known unknown exploit.
I was thinking of the immortal words of Socrates, who said: "I drank what?" - Chris Knight (Val Kilmer) - Real Genius
>>"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
That's great and all, but what about protecting the users, which can amount to millions of IE users being infected, because they aren't willing to say..."This week don't visit: eBay, Bank of America, etc., etc."
I'd say it's more important to protect the uninformed masses of millions of IE users that they need to not visit 25-50 websites for a week, or switch web browsers, than it is to protect those 25-50 websites.
Monopolies, since they have no competition, drag their feet. They chug along at their own pace. But when they start having serious problems with their products, it's already too late. They have a cumbersome task of fixing them. The end result is customers seeking an alternative. Monopolies literally create their own competition due to negligence and lack of motivation. This holds true for Microsoft.
NFS mount the user's home directory on a server with hardware RAID, hot-swappable drives, and regular backups and you won't have to worry about moving the profile or anything else.
/home is mounted on whatever workstation they happen to be using. It's pretty cool. Pretty close to zero need to carry a notebook around at Sun, I bet.
Seriously, that's the best way to keep all the data safe and backed-up. Indeed, if you can afford a GigE LAN (not all that expensive anymore, but if not, a Fast Ethernet LAN will do well enough), you can run thin clients and run everything off the server, like they do in Largo, Florida. If you're not an all-*nix shop, that must be possible with Windows, too.
While some people might squawk a bit, in truth, most users do not need a full-fledged PC on their desk at work. All the apps they need (or that you want them to have, at least) should be provided by and controlled by the IT department. It's the only way to keep your network safe. Developers might need a full-blown PC, but stick them off on a LAN segment firewalled off from the rest of the PCs, because just being a programmer doesn't mean you won't soon have your machine burdened with 400 pounds of malware and sporting all the latest viruses, too. I think we've all seen programmers who can write code but don't actually know squat about computers or how to keep them secure.
So hand a thin client to everyone you can. They'll get used to it, and you'll save a bunch of money.
You can build one, or if you want to see a nice turn-key system, take a look at a Sun Ray. Sun employees have a card that they stick in the reader on the Sun Ray (and a userid and password I would suppose, or the person with your card 0wnz0rs joo) and their