Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest Version of MyDoom Exploits New IE Flaw

Posted by michael on from the zero-day-wormz dept.

techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.

19 of 435 comments (clear)

  1. more info about the virus by dwgranth · · Score: 2, Informative

    here at our company, we were hit w/ this virus a few days ago.. of course since IE is our standard browser.. well you get the picture.. anyway, the virus uses a few vulns.. one is the link spoofer and the spoofed link (in an email from the infected box which pulls any email addy it can to trick you) is a link to the infected box.. which then uses the noted vulnerabilty and the process repeats... so basically

  2. SP2 by Anonymous Coward · · Score: 5, Informative

    SP2 not vulnerable... Upgrade or perish.

  3. Re:A good reason for using Firefox, or ... by eqkivaro · · Score: 2, Informative

    did you RTFA? People I know don't send me emails about my ebay account.

  4. Install SP2 You Dummies by lseltzer · · Score: 4, Informative

    >>Is this yet another good reason for running Firefox?

    Or Windows XP SP2, which is not vulnerable.

    What kind of imbecil runs XP but not SP2?

  5. MOD PARENT UP by Anonymous Coward · · Score: 1, Informative

    +100 scratch off a few more ticks for microsoft 'innovation'!

  6. Sensationalist /. headlines by Swamii · · Score: 4, Informative

    Woopsie! Slashdot forgot to mention the fact that this vulnerability has no effect on XP machines patched with SP2. Way to go Slashdot!

    --
    Tech, life, family, faith: Give me a visit
  7. Not as much of a problem though by einhverfr · · Score: 5, Informative

    There are a few design flaws in IE that make it a uniquely dangerous program to use to access the internet. These mistakes have, as yet, not been made by the Mozilla team. Perhaps we have learned a few things...

    The largest problem (mostly the cause of spyware rather than viruses though) is the issue of ActiveX scripting. Because ActiveX controls are trusted on the basis of vendor signature, and because someone can force an old version to be downloaded and installed, it means that no security patch can protect you against a malicious site scripting against a bug in an ActiveX control signed by a trusted vendor. No security patch can be writte to do this without breaking *every* ActiveX control in the internet.

    The second issue is that of security zones. This allows an attacker to exploit any flaws that come with the enforcement of such zones. This is an issue for viruses and spyware alike.

    Now, it is possible that a new as yet unimagined sort of attack will eventually be possible against some type of functionality in Mozilla. At least one type has (XUL files spoofing interfaces), but if these become a problem, it is open source, and so you or anyone else can pay for somone to make a version with a different structure. If enough people switch, the process begins over again. But each time, I think we are safer.

    --

    LedgerSMB: Open source Accounting/ERP
  8. SP2 immunity by jaiyen · · Score: 5, Informative

    For those who don't RTFA, XP SP2 doesn't appear to be vulnerable.
    "Users who have installed Windows XP Service Pack 2 are immune to the programs that use the vulnerability, including the two new variants of the MyDoom virus."

  9. Re:I hate to be picky... but.... by Mattwolf7 · · Score: 2, Informative
    Yes you are correct, execpt it is a Geometer moth larve, often called an inchworm

    http://en.wikipedia.org/wiki/Inchworm

  10. Are any of you forgetting.. by Anonymous Coward · · Score: 1, Informative

    Opera...It has a lot less secutiry flaws than even Firefox and more functionality - and the only usable damned email client under Windows. Unfortunately their Java certificate support blows goats which is turning me off it as I now need this in my development work. Other than that though, it's far superior to Firefox (Which is pretty damned good) IMO.

  11. Software without security issues: by einhverfr · · Score: 2, Informative


    Don't sell your friend a dream. Set his expectations realistically. No software is bulletproof. No software lacks security issues.

    Hmmm.... I can think of one:

    how about:

    #include

    int main(){
    printf("Hello World!\n");
    }

    I dare you to find a security hole or other issue in that one! Probably better to say "it is unlikely that any nontrivial software will be without security holes or considerations."

    I run Qmail, and it certainly has its security considerations (no holes though). Security issues with Qmail are admin issues, not programming vulnerabilities.

    --

    LedgerSMB: Open source Accounting/ERP
    1. Re:Software without security issues: by YOU+LIKEWISE+FAIL+IT · · Score: 4, Informative
      #include <stdio.h>

      int main(){
      printf("Hello World!\n");
      }

      While your assumptions are most likely correct, complacency is the friend of the buffer overflow. Depending on your implementation of the clib, printf, usually considered safe, could possibly be a problem - particularly as it ends up using the locale system and the user settable LC_NUMERIC to determine how to represent numbers, radix, etc.

      My favourite printf gotcha however is the seldom used %n conversion character - unlike it's brethren, this one writes data to the pointer in the argument list ( the number of characters printed so far ). This can be used to scribble over various pointers in the arg list and is why you should never, ever allow users to provide format strings to the program without vetting them first.

      YLFI
      --
      One god, one market, one truth, one consumer.
    2. Re:Software without security issues: by Tony+Hoyle · · Score: 2, Informative

      OK:

      It doesn't return a value from main() which may cause a compiler to do funky things with the stack.

      Even worse argc and argv are not passed correctly so the function will be called with more parameters than it accepts.

      There's no attempt to determine the status of stdout - if redirected to an offline printer this software would crash.

      The users locale settings are not taken into account. ..neither are the language settings. This is unacceptable in modern software.

      The user friendlines of this software leaves a lot to be desired. No errors are reported should the user pass unwanted arguments.. they're simply ignored.

      Consideration should be given to the use of a GUI interface.

  12. Re:McAfee VirusScan by donnz · · Score: 3, Informative

    McAfee is a pox. It has the most useless update facility in the world that seems to rely on hopelessly long downloads of fixes to its own software (even if that particular program is disabled) rather than just updates to its virus databases. Oh, and it also murders the performance of any machine its loaded on. Grrr, McAfee, send your requests for references to me, please.

    Yes, I was recently forced back to the Windows world for one mind numbing week.

    --
    -- Free software on every PC on every desk
  13. Re:CNN Story by Tackhead · · Score: 4, Informative
    > Will someone puleeese explain what's so great about tabbed browsing? Do I really need another mini window manager inside of my application? And for most Windows users moving away from XP most of the tabbing is already done by the task bar. I like Firefox as much as the next guy. I seriously entertain the idea that I'm missing something here. Something BIG. So tell me.

    1) Go to www.BigNewsSiteorFaveBlog.com
    2) Decide you want to read 15 of the 30-40 news articles available to you.

    Then either:

    3-Tabbed) Click on the things that look interesting, and keep clicing on interesting while the 15 news articles load in separate tabs. By the time you've clicked the 15th thing, 10 of the 15 articles have already loaded and been rendered for you in their tabs. Hover the mouse button over an "X", and click once to close the tab without moving. (sweet on a conventional mouse, and really sweet on a touchpad-based laptop!)

    or:

    3-Untabbed-option-1) Click on the interesting thing. Click "back" (hoping that the stupid marketroids at the website haven't borked "back" on you). Click on the second interesting thing. Wait for the HTTP session to start. Read the article. Click "back" (and wait for the HTTP session to start as the original reloads). Click on the third interesting thing. Wait for... [repeat 15 times].

    or: 3-Untabbed-2) Click on the interesting thing in a new window. When window focus changes to the newly-popped-up window, curse, and click on the first browser window. Click on the second interesting thing to pop up the next article in a new window. When window focus changes, curse, and click on the first browser window. [ ... repeat 15 times.]

    If you read at the pace of a slug, and/or spend more time scrolling the article because you render all fonts in 24-point Gothic, tabbed browsing offers little advantage, because you spend a lot more time reading and scrolling through the article than you do loading and rendering it.

    If you read quickly, and/or cram enough text onto the page to see an entire page with one or two presses of PgDn, the 500-1000 milliseconds of HTTP session initialization, page-loading, and HTML-rendering time is an appreciable fraction of the time you spend reading an article. For CNN articles, we're talking about 5-10 paragraphs of text (5-10K of text, tops) and hundreds of kilobytes of frames, ads, banners, style sheets, and other crap that has to come down the pipe (often requiring multiple HTTP sessions to different websites - DNS lag can also come into play), and that ratio can be significant.

    Anything you can do to minimize the amount of time you spend waiting for content relative to reading content is a Good Thing. The larger that ratio of waiting:reading is, the bigger the advantage offered by tabbed browsing.

  14. Re:CNN Story by Frogbert · · Score: 4, Informative

    For me personaly the security issues with Firefox have always seemed a lot less dangerious then with those of Internet Explorer. What especialy annoys me about Internet Explorer is its constant ability to be infected with various toolbars and browser hijackers and dialers. These things are automaticaly installed in a lot of cases and, correct me if i'm wrong, firefox doesn't have vunerabilies to the same extent that are as wide spread.

    I don't typicaly get these things installed unless it is an automaticaly installing problem however my friends and family all had problems with Internet Explorer getting bogged down with this crap. I know once I install firefox I'll have a lot less crap to clean up when I next fix their computers.

  15. Also: mozilla arent so aggressive by steve_l · · Score: 3, Informative

    IE is embedded everywhere in Windows, even when you bring up an HTML dialog box. Add/Remove Programs? DHTML. System Restore? DHTML.

    Windows Update? Active-fucking-X. So unless you move http://*.microsoft.com/ into trusted zone (ramped up to medium security), you cannot get security updates without enabling ActiveX download and scripting.

    Even in WinXPSP2, there is still that trusted zone that gives unlimited rights. Like download unsigned activeX controls without prompting. There is nobody I'd give that right to, not even myself. Yet they have it.

    Plus all the MSN content pushes AX at you. At least Expedia are not that daft; you can shop there with Firefox. But check out a pure MS site
    like the channel9 developer site; ActiveX, windows everywhere. No attempt made to evangelise to the rest of us :)

  16. Re:Awww, Microsoft is so sweet by Anonymous Coward · · Score: 1, Informative

    I run Firefox 0.9 on a remaster of Damn Small Linux 0.8.2. I don't need much of a hard drive, especially if I use a usb pen drive for the restoration of my personal setting for this Live CD OS. Can't afford Microsoft products, so I have to make my own...

  17. Re:Will microsoft release a knowledge base article by darkmeridian · · Score: 2, Informative

    They have already. Read the third bullet under "More Information". Sigh.

    http://support.microsoft.com/default.aspx?scid=kb; %5Bln%5D;833786/

    --
    A NYC lawyer blogs. http://www.chuangblog.com/