Slashdot Mirror

← Back to Stories (view on slashdot.org)

Corporate Servers Spreading IE Virus [Updated]

Posted by CowboyNeal on from the ill-and-infectious dept.

uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?

37 of 1,028 comments (clear)

  1. yes by mwolff · · Score: 5, Funny

    http://www.mozilla.org

    1. Re:yes by atomic-penguin · · Score: 5, Funny

      I've yet to see an exploit that's affected me.

      Perhaps, you've heard of them. It's an affliction called frames.

      --
      /^([Ss]ame [Bb]at (time, |channel.)){2}$/
    2. Re:yes by fuzzix · · Score: 5, Funny
      Perhaps, you've heard of them. It's an affliction called frames.

      I've heard of them. I've also heard of tables. This is why I use Links
    3. Re:yes by Anonymous Coward · · Score: 5, Informative


      http://www.mozilla.org
      Two things:

      1. Don't use an account that has elevated priviledges.
      2. Don't install the latest security patches for I.E. 6.0.

      The article mentions that the exploit takes advantage of the recently announced vulnerability in I.E. that an advertising company was exploiting. My testing of this vulnerability revealed that it would be unsuccessful if you didn't use a priviledged account. And oddly, at least with the previous exploit, the code wouldn't run until I installed the latest security updates. A generic install of Windows XP or one with SP1 didn't appear to work. Odd.

    4. Re:yes by Anonymous Coward · · Score: 5, Funny

      Up from your swap
      Thirty megs in size
      Leaking memory
      Thrashing your drive
      Mozilla! Mozilla!

  2. Wonder How Microsoft Will React by RDosage · · Score: 5, Insightful

    And I also wonder how many people will actually heed the call and switch their browser.

    However, I doubt Microsoft will do anything for at least two months. Hopefully by then a major news source will pick up the story and everyone will hear it.

    1. Re:Wonder How Microsoft Will React by NeoThermic · · Score: 5, Insightful

      >> And I also wonder how many people will actually heed the call and switch their browser.

      Very very few. I've got firefox installed on my family computer. Despite them getting infected with adware and spyware through IE, none of them want to use firefox. I've asked them many times, and even gone to the point of deleting IE, but their resillence to use anything else forced me to put it back on (amongst other reasons).

      However, while Mircosoft are normally very good at patching these secuirty faults, this time they have totally failed. The blame doesn't rest with stubborn users who refuse to switch. The blame rests with Microsoft's inability to provide a patch in time.

      Once they do supply a patch, it will then turn into the case of a supid user who doesn't patch. (and my server's apache logs show this, I'm still getting attacked by Code Red from infected servers who have not been patched).

      Hopefully Microsoft will adapt to the pressure created by the users not being happy with the situation and release a patch.

      Then again, looking at the age of IE and the number of requests to make a better version added to the time its taken them to respond, I'm stating a pool for those who want to bid on the release date of the patch. All dates start from 2005 onwards...

      NeoThermic

      --
      Use my link above, or to view my server, NeoThermic.com
    2. Re:Wonder How Microsoft Will React by tdemark · · Score: 5, Interesting

      Despite them getting infected with adware and spyware through IE, none of them want to use firefox. I've asked them many times, and even gone to the point of deleting IE, but their resillence to use anything else forced me to put it back on (amongst other reasons).

      If you would be so kind, I am really curious what the reasons were.

      What I have always done is download Firefox, change the icon to the blue E, and rename the shortcut "Internet Explorer". I then tell them, "It's the new version of Internet Explorer, called Mozilla."

      I have had no people complain or ask to have the "old" version back. In fact, the only thing I have heard is praise ("It's so fast", "I don't get pop-ups anymore", etc).

      I've done this for about 60 users (45 computers), so far.

      - Tony

    3. Re:Wonder How Microsoft Will React by Mr_Silver · · Score: 5, Interesting
      I've asked them many times, and even gone to the point of deleting IE, but their resillence to use anything else forced me to put it back on (amongst other reasons).

      I'm a long time IE (then myIE2) user and have just moved to Firefox. Some of the things as a long term IE user I dont like is:

      1. The default theme is horrible. After some digging I found Qute which is far nicer on apparantly used to be default. Why they changed it is silly.
      2. The installer has a checkbox for recommended plugins, but it isn't active. Probably due to it being less than version 1.0. I think that when it does become active it should be on by default. It is worth noting that although geeks love plugins, the normal user is somewhat slightly less ameniable to the idea (especially when the plugin is considered "essential").
      3. The settings aren't very newbie friendly. I found i had to take a lot of time setting it up. There are settings hidden away that I have to use "about:config". I should never have to do that - especially not for the ones which aren't completely obscure. It kind of reminds me of Linux (firefox) vs Windows (ie). One is more powerful and customisable, but you have to work a lot at it to get it the way you like. The other isn't, but comes with basic settings that 80% of users are happy with.
      4. Error messages in browswer is not on by default. Why not? Why is the setting hidden away? 1995 is not calling. Lets move on.
      5. The button bar has about 4 buttons. I don't think it's too much to have, by default, new tab, back, forward, stop, reload, home, bookmarks, history, print and downloads. Power users can remove them, beginners will be fine.
      6. Google search by default takes you to the "I feel lucky" page. What was wrong with the normal search?
      7. No good support for IE favourites. No wizard, for importing, no ability to automatically detect them (I had to export then from IE and import), no ability to use the IE method of storing bookmarks and retain compatibility with other parts of the OS that show my bookmarks. Hell, if you want people to migrate, make it easy for their bookmarks!
      8. Still can't work out how to make shift-click open into a new tab. One extension will allow this - but it doesn't work with the (practically essential) tabbrowser extensions.
      9. Loading times are slow. A splash screen that indicates it's loading would be nicer than sitting looking at my desktop wondering if I really did click the icon. Or faster loading times. But there is no option in the config for that. Looks like i'll have to dig again.
      Having said all that though:
      1. There is some neat functionality both with and without all the plugins. Although having said that I have no idea what the neat plugins are. It's often a case of pick what looks good and go for it.
      2. The adblock extension is very good.
      3. I like the way I can put folders into the links bar and they drop down with my websites. Especially the open all in tabs.
      Now I'm sure I'll get 50+ posts of people telling me that I'm dumb, if I do x, y and z then I can get this, I just need to edit a file, I need to install this plugin, etc.etc. but the point is that I shouldn't need to post complaints to slashdot to get the answers, nor should i need to surf the web, use google or anything else.

      Nothing I've asked for is particulary difficult, it just makes migrating less painful.

      But yes, Firefox is very good. Got a few rough edges in the userbility department, but very good.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
    4. Re:Wonder How Microsoft Will React by SilentChris · · Score: 5, Insightful

      "and even gone to the point of deleting IE"

      May I ask why? Your users (family) are obviously telling you something: they don't like your solution. In addition, if you're actually deleting IE (not just removing the icon) you're probably breaking a lot of apps like Norton Antivirus that requires the MSHTML.dll (among others), making things worse.

      Always make new software an option, not "trick" the user or remove their old software. Explain the reasons for the change and the benefits of the new software. If they don't find any, obviously your argument doesn't hold as much weight as you thought it would.

    5. Re:Wonder How Microsoft Will React by cameleon · · Score: 5, Informative
      Some responses:
      1. This has been debated to death by Mozilla fans. Just give it some time, or download another theme.
      2. Extensions will be included in 1.0, I think. But there's nothing really missing for someone switching from IE; most extensions are icing for power users.
      3. I find Firefox settings very nice for a beginner/someone switching from IE. If you need to dig into about:config, you're not a stereotypical user.
      4. Because they are not working right yet. Check bugzilla if you want to know the details.
      5. This, I agree with. I'd remove all the buttons immediately, but for people coming from IE, it would be useful.
      6. No idea, I have a keyword ('g') set up for google searching.
      7. Here, you're just wrong. The installer asks on install if you want to import settings from IE, and I believe there's also a menu item to do it later.
      8. That's because shift-click saves a page. Try ctrl-click.
      9. I find it is instantanious on my 900 MHz Athlon, but this depends a lot on your computer. For me, it's the opposite: IE draws the window borders, then sits there for a few seconds before I can do anything with it. And Firefox still speeds up with each release.
      In short, you don't sound like a typical user; you're more likely a power user, and as a power user, you're expected to dig for a few options. Otherwise, the options dialog would be too overwhelming.
    6. Re:Wonder How Microsoft Will React by pohl · · Score: 5, Insightful
      And just WHY should CNN, or any other news service, "push" one product over another? What possible interest could they have?

      I don't think they should push one product over another, but I would love to see them identify the product & vendor of the vulnerable software. Too often these stories are very generic, saying that the virus infects your computer when you visit a website -- whereas they should say that the virus infects Microsoft Windows(tm) when you use Microsoft Internet Explorer(tm) to visit a website.

      In addition, rather than saying that you should just keep your anti-virus software up-to-date, they should offer the useful tidbit that the virus could also be avoided by using alternatives the vulnerable products. They don't have to mention Opera or Mozilla. They don't have to mention Linux or MacOS X. Just let the users know that there are other things they could do beyond paying Symantec (et al) for a more recent anti-virus package.

      What's possible interest could they have in doing this? To inform. That's a novel concept for a news source, I know...but I'd still like to see it happen now & then.

      --

      The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

    7. Re:Wonder How Microsoft Will React by rembem · · Score: 5, Insightful

      The problem is that most people think that that Blue E == The Web == The Internet. E.g. many don't see they're also using internet when they're e-mailing. When you say "I'm gonna remove IE and give you firefox.", they think "He's gonna remove my internet access for some fire security reason! Ahrg!" They somehow just can't grasp what the internet is. What they see is the web, therefore they assume that the web == the internet. To start 'the internet', they click the blue E, therefore they assume that the blue E == the internet.

      Somehow you've got to educate those people that The Internet != The Web != Blue E. Now you're just abusing their primitive assumptions. ;)

    8. Re:Wonder How Microsoft Will React by Anonymous Coward · · Score: 5, Funny

      Oh yeah right. Like my friends and family don't think I'm *enough* of a loser.

      Now I'm supposed to sit down with them for a "face-to-face" about two browsers which are *identical* from their point of view?

      "Susan, come here for a minute."

      "Why? I've got to go in 10 minutes, I'm really busy."

      "No this is really important."

      "Oh okay"

      "I wanted to show this web browser"

      "Yeah, explorer, so what?"

      "No!!! This is FIREFOX!! AN ADVANCED OPEN-SOURCE WEB BROWSER!! MUCH MORE SECURE!!!"

      "It looks like explorer to me."

      "Well, it LOOKS like explorer but it's better. Look here, this is etrade.com, it looks just like explorer right? open source rules!"

      "Uhh, yeah, it looks exactly the same to me. Well don't mess up my computer I have to go."

      "WAIT!!! If there had been a virus there on etrade.com you WOULDN'T HAVE GOTTEN IT!! ISN'T THAT AWESOME!!!!!!!!"

      "You are such a loser."

  3. This could finally be it by Anonymous Coward · · Score: 5, Insightful

    The disaster we all knew was going to happen. Not just some uber1337 script kiddie releasing a buggy worm that crashes the computers it attacks but organized crime attacking the net infrastructure.

    But as bad as this may be this might also mean that finally more and more people and institutions will come to the conclusion, that a global infastrcuture depending on one product from one company simply isn't the way to go. Especially if this company has such a horrid track record when it comes to security.

  4. What really happens... by ibjhb · · Score: 5, Informative

    Since the article is very vague, what happens is that once they compromise the IIS server, they modify each site on the server to write a document footer to every page. The document footer calls a DLL placed in the %windir%\system32 directory. The DLL writes a line of JavaScript to each page which redirects the user to a remote server to download the malicious code.

    1. Re:What really happens... by Anonymous Coward · · Score: 5, Interesting

      This isn't a new technique, I remember the web development agency I worked for a few years back being caught out by a similar effect. A co-worker took some work home with him, and his (unpatched, unfirewalled, broadband-connected) IIS installation was infected. When he synced up with us the next morning, he infected about two hundred websites, some of them were very high profile. Hundreds of thousands of users were exposed.

      It was a stupid company, and I was always trying to get them to change policies that let things like this happen. When we started getting phonecalls from clients about this, the owner blamed stupid kids with too much time on their hands, and said we had absolutely nothing to do with it, couldn't be blamed, etc. All our clients fell for it, hook line and sinker. I think the owner had himself convinced by the end of the day (he was the type that refused to accept he was capable of screwing up).

      It's a sad state of the industry that we were responsible for infecting thousands of people and we got away with it scot-free.

  5. They won't list the sites by mgkimsal2 · · Score: 5, Insightful

    This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.

    "There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions."

    The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.

    "We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.

    WHY NOT? I've been trying to think of a reason NOT to list the sites infected, but I can't think of a good one. "To prevent further abuse"???? Wouldn't giving the public NOTICE about these sites help prevent more infections by having people NOT go to those sites?

    --
    creation science book
    1. Re:They won't list the sites by flowerp · · Score: 5, Insightful


      Nope, I think the real reason is protecting the businesses.

      Even if the sites' admins had aleady removed the infecting code, a "dangerous sites" list like that would likely prevent many potential visits to the site for weeks to come.

      --
      --- Eat my sig.
  6. Security Advisories by Lars+T. · · Score: 5, Informative

    US-CERT and Internet Storm Center. Less talk, more information.

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  7. Opera? Firefox? IE.....hell no by arikol · · Score: 5, Interesting

    I know its not fashionable around these parts, being closed source, but Opera (www.opera.com) really is the bees knees. On my machine it renders faster, everything is snappier than mozilla/firefox and has more features than you can shake Darl Mcbride at. Its not free, true, but costs about the same as a pop-up blocker for Internal Exploder Plus, Operas built in mail client is wonderful Not that Im badmouthing firefox, I have that too, I just like Opera even better

  8. This just in... by howman · · Score: 5, Funny

    It has just been brought to our attention at the root of the problem this site

    --
    flinging poop since 1969
  9. But How Many People Will Switch? by Paulrothrock · · Score: 5, Insightful
    My dad had horrible spyware gunking up his PC at home. (Which he bought against my recommendation of a Macintosh.) I used my limited knowledge of spyware to clean it up, and told him to use Firefox. Next week, the default browser was back to IE. I changed it because I thought Windows had done something. The following week he told me "I don't want to use Firefox. Nothing works in it!"

    He'd rather have me wipe spyware and adware from his machine than deal with it. It's a symptom of having w3schools.com graduates making web sites in Frontpage that only work on front page.

    Of course, now IE doesn't work at all, so he runs AOL through his broadband connection to surf the Internet.

    And yes, I have since stopped wiping adware/spyware from his machine. I told him if he wasn't going to buy a machine that didn't get the stuff, or use a browser that was secure, he can deal with it himself.

    --
    I'm in the hole of the broadband donut.
  10. How to kill it by SpinyManiac · · Score: 5, Informative

    I think this is the one I caught at work.
    No security restrictions in IE will stop it.

    I caught it here:
    http://www.yetanotherhomepage.com/j7xx/j7xx .html
    There's a reason that this one isn't a link. ;)

    I killed mine like this (Windows 2000):

    Delete these:
    C:\Winnt\System32\Swin32.dll
    C:\Winnt\Sys tem32\Automove.exe
    C:\Winnt\System32\Trans.exe

    And this:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo ws\Curr entVersion\Run
    [Adstartup] C:\Winnt\System32\Automove.exe

    Seek and destroy Swin32.dll in the registry
    Take out all of the CLSIDs it occurs in.

    --
    It's never too late to have a happy childhood.
  11. Infected ferociously by phil-is-math · · Score: 5, Interesting

    I was wondering where I got this from. I spent 4 hours removing Malware from my computer the other day. Since I don't tend to visit pr0n sites at work, I had know idea how I was so badly infected until now... Ad-aware, spybot, and Nortons did not find the evil software. My process list was filled with MANY unkillable process with random names. Every time I killed one, it would start again with a new name. I found the executables on my drive and deleted them, they would RE-CREATE themselves!! Also, it looked like one of the installed viruses(?) would download new Malware! I was wondering, is this a virus? is it spyware? It was hard to classify as far as I could tell and it SUCKED.

    --
    Word to me.
  12. not detected by AV software? by Lxy · · Score: 5, Interesting

    This "virus" is not detected by antivirus software, according to the article. Does anyone know why? I run eTrust on my IIS boxen. (yes, I have a few, no I didn't put them there, no, they shouldn't be there, but our dev team wants ASP) Etrust is a fine product, but supposedly this offending code isn't detected. That bothers me a little, but this leads to another question.

    Why isn't spyware classified as viral code? I realize it doesn't spread in the same manner as a virus, but it a) installs itself uninvited b) causes the PC and its software to behave erratically and c) makes my job needlessly more difficult. It bothers me that virus scanners aren't picking up spyware.

    Anyway, to bring this back on topic, this situation requires a server side fix. I'm sorry, I can't tell every customer to switch browsers. I can't even get my internal users to switch. Most can't, because of some oddly coded piece of software that only runs in IE. My point is, my boxen might be infected right now. Not caught by AV software, how am I supposed to determine whether this thing lives on my server?

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  13. Liability of sites that recommend IE? by G4from128k · · Score: 5, Interesting

    So many places say "this site best when viewed with IE." IANAL, but it seems irresponsible for a site to recommend IE, especially if site handles sensitive materials such as financial services or downloadable software. If IE includes known vulnerabilities, can sites be held liable for making that recommendation?

    Any thoughts from the more legally minded amongst us?

    --
    Two wrongs don't make a right, but three lefts do.
  14. Is it an IE only exploit? by SimplyCosmic · · Score: 5, Interesting

    The original post mentions a "combination of two unpatched IE security holes", but both the US-CERT and Internet Storm Center only mention javascript and not a specific browser as being able to be compromised by the infected IIS servers.

    My question is, how do we know this is an IE-only problem? I ask this because I have several friends whom I'm trying to convince try an alternative browser for security reasons but I don't want to be that guy we all know who goes off about "IE exploits" that turn out to be nothing of the sort.

  15. Can anyone tell me how to develop for Mozilla then by kahei · · Score: 5, Informative

    I really wish I could switch to Mozilla (ok, Firefox). My co-workers are switching to Firefox. My users are switching to firefox. But I can't, because I have no idea how to implement my pet project as a mozilla-type plugin.

    All it has to do is read in a dictionary file, then catch the 'new page loading' event, perform morphological analysis on the page, and edit the page as it loads to include ruby tags and/or something to display definitions in the toolbar. That's it! It's fairly computationally intensive and sometimes the right html to insert at a given point is a bit of a guessing game, but it's not rocket science. But HOW THE FORK DO I DO IT IN MOZILLA??

    PS Yes I have rtfm and no I cannot implement the analysis algorithm usefully in javascript and yes I do have to insert ruby tags, as well as regular javascript that talks back to the plugin, into the page on the fly.

    Considering the amount of research that seemed necessary to get it working in the minefield of IE, I expected that I would be quite capable of figuring it out in mozilla, but it just seems to be an order of magnitude harder.

    I would be grateful for advice (eg a pointer to a similar project). Or failing that, remarks on the lines of 'if u cant use mozilla u r lame u lame wind0z3 lu20r hehe l8trz' would also be fine.

    --
    Whence? Hence. Whither? Thither.
  16. What about this? by GrumpyDeveloper · · Score: 5, Informative

    There's apparently a newly discovered exploit in IE that can compromise an IE user's machine THROUGH AN IMAGE ON A WEB PAGE.

    So any server that allows posting of graphics (eBay, many discussion forums, etc) can be "infected". Even those running Linux. The only solution is to stop using IE and pray that Firefox, Mozilla, Opera, etc. exploits are few and far between. Article on graphics exploit here.

  17. Re:MSN Search is infected by Divlje+Jagode · · Score: 5, Informative
    If that post is related (msits.exe) then you have real shit going on when you get highjacked:
    This popped up six windows which installed both the default-homepage-network hijacker and also some nasty stuff [...]

    This crashed Windows Media Player and then it was overwritten with a small windows executable (I have it if you want it) - this was called wmplayer.exe and was in the Windows Media Player folder. The real Windows Media Player had been deleted. [...]

    The next time a WMP media file was accessed the new wmplayer.exe file ran and installed lots of adware, junkware, spyware etc, etc. [...]

    Now, I use K-meleon and privoxy for 99% of my browsing and only switch to IE when I can't do otherwise.

    AVG free edition sygate personal firewall and Spybot seach and destroy (site down) will complete your collection nicely. Might want to have a look at Hijack this and this tutorial as well.

    Yes, this is a lot of work for the price of keeping windows running. Some people don't have a choice... Me, as soon as my favourite IDE gets ported to Linux, I'll swap ;-)

    Seriously though, if there are any other tools you guys use to try and keep windows secure, please share.

  18. Re:Little things by Anonymous Coward · · Score: 5, Informative

    Honestly, I've not really made the switch myself. The main reason is actually kind of petty, hotkeys. I've become very used to things like shift-clicking a link to bring up extra pages or hitting ctrl-enter after typing in a word to add the http://www. and .com to it. I've been working with IE for long enough that it's second nature to use those keys. Yes, I'm sure that other browsers have ways to do these things, but one gets used to not having to think browsing the web, so learning new keys feels like a fair burden.

    I wont comment on your other problems with switching. But you could at least try these things with FireFox. As it turns out both of those hotkeys do exactly the same thing as IE under FireFox. Just tried it with 0.9.

  19. tough love by zogger · · Score: 5, Insightful

    this is just generic, I don't know your familuy situation exactly, but for what it's worth,the advice is to stop fixing their computers and let them drag the boxes to the shop and pay for it to be cleaned. I'd say in a business situation the same thing if that apploies to anyone else. The concept is stolen from the way the experts advise to deal with a family member who is an addict to booze or drugs, called "tough love". Right now you are acting like an "enabler" by fixing it when it gets hosed, leaving them with the impression that "it's not that bad", when it really IS that bad, they can't see or admit to the elephant in the living room, so just stop being an enabler.

  20. The best "Fire-" name? by LondonLawyer · · Score: 5, Funny

    Surely it has got to be:

    "FireBillGates"

  21. Why alternative browsers may not be possible by ManyLostPackets · · Score: 5, Informative

    I work at a bank. A lot of the applications used internally are web apps that require IE... Mozilla/Opera aren't an option because those apps require MSJVM (Microsoft Virtual Machine - no joke), Active X or other proprietary MS technology.

    I'm not talking simple forms here, this for Foreign Exchange transactions.

    Certificates, multiple passwords, encryption...all moot

  22. Re:Little things by chromaphobic · · Score: 5, Insightful

    IE works.

    Well, the fact that you can become infected with a trojan simply by VISITING a web site, with no user interaction at all required, tells me than NO, IE does NOT work.

    But that's just a reflection of my personal criteria for whether or not something works.

  23. The solution to every web problem in Windows by allio · · Score: 5, Informative
    Layers of protection.

    Base: An up to date host file. This can probably block 95% of web nasties, regardless of source, yet is overlooked by most people.
    Second: Proxomitron. The second browser-independent tool, it's a relatively little-known local proxy that filters the crap (including more ads than virtually every other solution) from a webpage before feeding it to your browser. Also handily removes most of the ActiveX and Javascript that causes these exploits. I simply cannot recommend it enough. In addition, it's fully configurable, and there are plenty of people out there who will write custom filters to get rid of any sort of ad that slips through.
    Third: Firefox. I hesitate to suggest Opera because I don't feel it's as high a quality a product, and is closed-source, meaning it could be almost as susceptible to this stuff as Internet Explorer, should the bad guys aim their sights on it.
    Fourth: In-browser plugins such as Adblock, which probably won't do much to stop this particular problem, but are nice to have around regardless.