Slashdot Mirror


New IE Malware Captures Passwords Ahead Of SSL

Ken Treis writes "SANS Internet Storm Center is reporting on a new strain of IE Malware. This one targets bank customers, which in itself is nothing new. But the catch is in the way it does it: it installs a Browser Help Object (BHO) that can capture login information before it is encrypted, and 'watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.'"

45 of 986 comments

  1. Coming events by Carnildo · · Score: 5, Funny

    Cue the "Gee I'm glad I use FireFox on Linux" posts.

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
    1. Re:Coming events by Anonymous Coward · · Score: 5, Funny

      Gee I'm glad I use FireFox on Linux.

    2. Re:Coming events by foidulus · · Score: 4, Funny

      Nah, I'll stick to lynx running on my gamecube, the only way to surf!

    3. Re:Coming events by Anonymous Coward · · Score: 2, Funny

      I'd agree with you, except my banks aren't supporting standards, and don't work with standards-compliant browsers. I see a conspiracy.

    4. Re:Coming events by karniv0re · · Score: 5, Funny

      You just wait, mister, until enough people start using Lynx. Then they'll start coding malware for Lynx. Just think! Pop-ups, Homepage changing... You might even get browser-hijacked to porn sights!

    5. Re:Coming events by FuzzyBad-Mofo · · Score: 2, Funny

      Fortunately, this problem is fixed in Mozilla Moondog. (actually .9.1 with Firesomething installed for fun)

    6. Re:Coming events by MarkGriz · · Score: 2, Funny

      Better yet... they should do their online banking on their own time.

      --
      Beauty is in the eye of the beerholder.
    7. Re:Coming events by sentientbeing · · Score: 5, Funny


      Gee I'm glad I'm continuously overdrawn and therefore have no money whatsoever in my bank account...

      The last time I asked for money at the bank they knocked me back.

      "Fine!" I said, "I'm taking my minus 1500 elsewhere...."

      --

      ------
      beware he who would deny you access to information, for in his mind he dreams himself your master
    8. Re:Coming events by freakmn · · Score: 5, Funny

      I'm glad I use AOL on Windows ME!

      If I actually did, I think I would puke...

      --
      warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
    9. Re:Coming events by Phexro · · Score: 4, Funny

      True, but they are testing with "Mozilla 5."

      Since Mozilla just hit 1.7, this webpage must have fallen backwards in time through a freak wormhole.

      If you look in the comments, it also mentions something about IE developers being "the first up against the wall when the revolution came."

    10. Re:Coming events by cynic10508 · · Score: 2, Funny

      You just wait, mister, until enough people start using Lynx. Then they'll start coding malware for Lynx. Just think! Pop-ups, Homepage changing... You might even get browser-hijacked to porn sights!

      Mmm... ASCII porn...

    11. Re:Coming events by blair1q · · Score: 4, Funny

      $ telnet www.slashdot.org 80
      it's the only way to fly
    12. Re:Coming events by mangu · · Score: 4, Funny

      Oh, now I know where the ASCII-art goatse came from!

    13. Re:Coming events by DarkHelmet · · Score: 4, Funny

      Port 80? Amateur! Try it on 443 :)

      --
      /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
    14. Re:Coming events by zsau · · Score: 3, Funny
      Have you not heard of the exploit in Firefox that causes the launch of Internet Explorer? If you, like me, run a Linuxbox, you won't have a problem with it because no matter how hard it tries, there's simply no IE to launch. Once IE is launched, the system is just as vulnerable as if IE was used in the first place!

      I read about the exploit here on Slashdot a few days ago, so obviously it's reliable. It doesn't use Javascript so disabling that won't help. IIRC, the code that causes it is something along the lines of:
      <b>This page is designed for Internet Explorer, and will not work on other browsers. Please use Internet Explorer.</b>
      There is no known fix for this exploit! (Other than removing Windows from your system.)
      --
      Look out!
  2. Wow.... by FatSean · · Score: 1, Funny

    I'm simply stunned...where I work security is #1 and availability is #2. Judging by their output...it must be very different working at MS.

    --
    Blar.
  3. And this... by DaHat · · Score: 5, Funny

    Is why I transmit all of my passwords in plain text... not very secure, but a lot less obvious than all of these complicated 'security' or 'encryption' methods.

  4. HA! by Anonymous Coward · · Score: 5, Funny

    This is why I do all my online banking using Gopher.

  5. I love IE by Admiral+Llama · · Score: 3, Funny

    This isn't Malware, this is advertising for Apple. THIS is why I buy Macintoshes.

  6. Because... by Draconix · · Score: 5, Funny

    What's a browser? Is that like Internet Explorer? But why do I need another one when I already have Internet Explorer? Don't I have to use Internet Explorer to connect to the internet?

    --
    By reading this you acknowledge that you have read it.
    1. Re:Because... by I+confirm+I'm+not+a · · Score: 4, Funny

      Don't I have to use Internet Explorer to connect to the internet?

      Whoa! Hold right up there, cowboy! You're telling me there's a difference?

      (Sure it's not necessary but...just in case..."proud Firefox user since 0.6!")

      --
      This is where the serious fun begins.
    2. Re:Because... by cbovasso · · Score: 3, Funny

      Wait... Isn't AOL the internet?
      Now I'm confused.

      --
      I ask for a car and I get a computer. How's about that for being born under a bad .sig?
    3. Re:Because... by Iron+Chef+Unix · · Score: 2, Funny

      You laugh, but just yesterday my girlfriend's roommate told me that she didn't like all the pop-ups with IE, so she just uses AOL. She actually uses AOL, and they have a broadband connection! I asked her why, and she said, "that's what I have always used." So, not only does she use AOL solely for the browser, but she pays for it. Argh!

      Not only that, I suspect from the huge amount of pop-ups that she gets, that she has some major spyware, etc on her computer.

      I told her she should probably fix that and install a new browser/pop-up blocker. Her response:

      "When can you do that for me?"...

      --
      Like puzzle games? Warehouse51 for iOS
  7. New Genre by the_mad_poster · · Score: 3, Funny

    You know you really have something going for you when a single application in your product line helps define its own genre of exploits:

    ...the adware/spyware/IE exploit genre...

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  8. Open Source compressor used: by geeber · · Score: 4, Funny

    From the article:

    It is actually a 27648 byte Win32 executable that has been compressed using the Open Source executable compressor UPX.

    Cue the FUD saying "look I told you Open Source was inherently less secure!"

    1. Re:Open Source compressor used: by Anonymous Coward · · Score: 1, Funny

      UPX is written in portable endian-neutral C++

      <MS shill>

      ...thus indicating the importance of switching to .Net and disassociating yourself from the terrorist-supporting C++ language.

      </MS shill>

  9. Re:I'm suprised by NanoGator · · Score: 4, Funny

    "Why would you fsck with SSL..."

    Because there are no files to check, just packets?

    --
    "Derp de derp."
  10. Re:Can someone explain... by DaHat · · Score: 2, Funny

    less chance your inheritance is going to disappear from her bank account.

    Or if there is currently little or no inheritance... have her use IE in the hopes that somehow her bank account will get extra funds due to the exploit, thus creating or increasing your possible inheritance.

  11. "New IE Malware" by sulli · · Score: 4, Funny

    (Score: -1, Redundant)

    --

    sulli
    RTFJ.
  12. Man, I'm so sick of this... by NeoGeo64 · · Score: 5, Funny

    When will us Linux users finally get to experience all of these exploits and viruses? It looks like Windows users have all the fun. :-)

    1. Re:Man, I'm so sick of this... by .+visplek+. · · Score: 2, Funny

      Hey man, it's open source! Make your own vulnerabilities! Join the development team! Linux cannot be taken seriously if there aren't at least 2,000 worms or security holes available. I myself am working on KRURAG. (KDE Random User Root Access Granting)

      --
      - Save a tree, eat more woodpeckers
  13. My Related Prayer by Anonymous Coward · · Score: 2, Funny

    I'm not a religious person... but I will now attempt to pray...

    God, it's me, Anonymous Coward, I beg you, have the l33t hax0rs of the world unite to develop exploits and hacks against Linux and Firefox so that open source zealots can no longer scream about how secure their software is. Any competent person or deity (ie you) knows that there are potential exploits in both, but most have not been found because most do not look as hard as is done with Windows.

    If you do this for me... I promise to sell my soul to your minions in Redmond and banish any Linux or Open Source related product from my home from now until eternity.

    Amen

  14. Sad... because its true by HighOrbit · · Score: 4, Funny

    Unfortunately this describes 90% of people out there. The only way I can think of to overcome that kind of pervasive ignorance is a public service campaign like the anti-drug campaigns.

    [joke]
    "This is your computer.. this is your computer on Internet Explorer"
    -or-
    "Friends don't let Friends use Internet Explorer"
    -or-
    "Just say No to Internet Explorer"
    [/joke]

    Seriously, there needs to be a TV campaign or even public service banners on high traffic sites like google or CNN.

  15. A good thing this only affects IE users... by lightspawn · · Score: 3, Funny

    After last week's CERT advisory, there should only be a handful of them left.

  16. Re:Can someone explain... by Pantheraleo2k3 · · Score: 4, Funny

    a) Threaten to never support her computer again
    b) Hide the IE shortcuts
    c) Change the IE homepage to say, in big letters, "YOU'RE NOT SUPPOSED TO BE USING THIS NOW GET OUT AND START FIREFOX"
    d) If you have Zonealarm on her computer, set it so IE has no Internet access
    e) Use IE's Content Advisor to block all Web sites
    f) I could go on and on

  17. Re:Why is a gif file getting run as an EXE?!? by Anonymous Coward · · Score: 1, Funny

    Does another exploit change the .gif name to .exe or attempt to unzip the .gif file? If not, why does IE allow .gif's to be installed?!

    Clearly this is a programming error. IE only allows destructive executables to be installed without permission, rather than harmless image files. Rest assured that the programmers who let this "feature" slip through will be dealt with.

  18. Re:So.. by NanoGator · · Score: 2, Funny

    " The question should be, "What fancy-ass special feature does Firefox NOT have."

    That question inhibits Firefox's widespread adoption.

    --
    "Derp de derp."
  19. Re:In other news... by Anonymous Coward · · Score: 1, Funny

    Gates says MS is getting faster fixing security holes.

    I have verified this. Microsoft technical support now tells me to reboot my machine instantly, rather than asking what the problem is first.

  20. Re:So.. by Feyr · · Score: 2, Funny

    what about the "too fuckin cumbersome to install a plugin on" line ? because it sure fits firefox nicely

  21. Doesn't effect me... by buddhahat · · Score: 2, Funny

    My passwords are just little black dots when I type them.

    --
    ------ How can making people laugh lead to bad karma?
  22. Problem solved! by Whatthehellever · · Score: 2, Funny

    We'll just add the following Javascript into websites:

    var userAgent = navigator.userAgent;
    var MSIEIndex = userAgent.indexOf("MSIE");
    if (userAgent.indexOf("Win") != -1 &&
        userAgent.indexOf("MSIE") != -1 &&
        userAgent.substring((MSIEIndex + 5), (MSIEIndex + 8)) >= 5.5)
      window.location.replace("IE_BAD.htm");

    and let those still using IE suffer.

    --

    ---
    IMHO, of course.
    May the SOURCE be with you.
  23. My apologies by Flower · · Score: 4, Funny
    Log in, get, get, get owned. MS IE is a joke on your backbone. Log in, get, get, get owned. MS IE is a joke on your backbone. MS IE is a joke.

    I really must stop watching Comedy Central.

    --
    I don't want knowledge. I want certainty. - Law, David Bowie
  24. Re:Because it isn't so clear cut by GTRacer · · Score: 2, Funny
    So-o-o-o... These people are clubbing grocery clerks and movie ushers with a piece of fencepost they keep in the company garage?

    California is one weird place!

    GTRacer
    - Needs a new fence

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
  25. Re:Complain, Complain, Complain!!! by Just+Some+Guy · · Score: 2, Funny
    oftware that has a negligible sercurity record.

    I do not think it means what you think it means. OpenBSD has a negligible security record. Apache has a negligible security record. IE's security record is about as gligible as it can get without torch-bearing masses tearing down Microsoft's doors in search of the Developers! Developers! Developers!

    --
    Dewey, what part of this looks like authorities should be involved?
  26. Re:Quit the handwringing and DO SOMETHING! by Anonymous Coward · · Score: 1, Funny

    they are right up the street from me

    i can handle it in a few minutes