Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest Version of MyDoom Exploits New IE Flaw

Posted by michael on from the zero-day-wormz dept.

techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.

3 of 435 comments (clear)

  1. SP2 by Anonymous Coward · · Score: 5, Informative

    SP2 not vulnerable... Upgrade or perish.

  2. Not as much of a problem though by einhverfr · · Score: 5, Informative

    There are a few design flaws in IE that make it a uniquely dangerous program to use to access the internet. These mistakes have, as yet, not been made by the Mozilla team. Perhaps we have learned a few things...

    The largest problem (mostly the cause of spyware rather than viruses though) is the issue of ActiveX scripting. Because ActiveX controls are trusted on the basis of vendor signature, and because someone can force an old version to be downloaded and installed, it means that no security patch can protect you against a malicious site scripting against a bug in an ActiveX control signed by a trusted vendor. No security patch can be writte to do this without breaking *every* ActiveX control in the internet.

    The second issue is that of security zones. This allows an attacker to exploit any flaws that come with the enforcement of such zones. This is an issue for viruses and spyware alike.

    Now, it is possible that a new as yet unimagined sort of attack will eventually be possible against some type of functionality in Mozilla. At least one type has (XUL files spoofing interfaces), but if these become a problem, it is open source, and so you or anyone else can pay for somone to make a version with a different structure. If enough people switch, the process begins over again. But each time, I think we are safer.

    --

    LedgerSMB: Open source Accounting/ERP
  3. SP2 immunity by jaiyen · · Score: 5, Informative

    For those who don't RTFA, XP SP2 doesn't appear to be vulnerable.
    "Users who have installed Windows XP Service Pack 2 are immune to the programs that use the vulnerability, including the two new variants of the MyDoom virus."