Slashdot Mirror


Latest Version of MyDoom Exploits New IE Flaw

techentin writes "CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.

29 of 435 comments

  1. CNN Story by AKAImBatman · · Score: 4, Insightful

    It's pretty neat how far FireFox is beginning to spread. CNN carried this story on TV just a half-hour ago. They mentioned that FireFox was becoming the most popular alternative to IE. My coworkers (whose job includes watching CNN) came by and asked me why this FireFox thing is better. I told them about tabbed browsing, popup blocking, lack of security issues, and other niceties.

    One of the coworkers downloaded FireFox right away. I actually expected him to take a little while to wean off of IE. After I showed him FireFox's features, however, he set FireFox to his default browser and deleted his IE shortcuts! I think we're definitely making headway. :-)

    1. Re:CNN Story by scribblej · · Score: 5, Insightful

      "Lack of security issues?"

      Okay, I'll grant you that FireFox is probably more secure than IE. But to say it lacks security issues is going a little further than I'd go, myself. In fact, I'd be willing to bet you $10 that it has security issues of its own.

      Don't sell your friend a dream. Set his expectations realistically. No software is bulletproof. No software lacks security issues.

      Firefox f-ing rocks, no doubt about it. It blows IE out of the water. It probably has far fewer security holes. But to say it "lacks security issues" is naive.

      Don't believe everything you read on slashdot. A lot of these people have an agenda to meet.

    2. Re:CNN Story by That's+Unpossible! · · Score: 4, Insightful

      As a fellow grammar Nazi, let me explain that the person you're responding to meant Firefox lacks security issues COMPARED TO INTERNET EXPLORER.

      It's like saying a program lacks features. Obviously you don't mean it has no features -- just that it lacks features, WHEN COMPARED TO ANOTHER PRODUCT.

      --
      Ironically, the word ironically is often used incorrectly.
    3. Re:CNN Story by LuxFX · · Score: 3, Insightful

      Firefox f-ing rocks, no doubt about it. It blows IE out of the water. It probably has far fewer security holes. But to say it "lacks security issues" is naive.

      The last security bug I remember hearing about in Firefox had a working patch to fix the problem very quickly. In fact, it was released by about the time I had finished reading the alert in the first place. Microsoft, on the other hand, takes considerably longer.

      It's one thing to admit there are security vulnerabilities in Firefox. There have been, and there will continue to be vulnerabilities discovered in Firefox. But as long as the Firefox community fixes these vulnerabilities as quickly as they have in the past, I don't think it's fair to say that Firefox has security issues.

      Microsoft, of course, has both security vulnerabilities and security issues. It becomes an issue when the vulnerabilities aren't dealt with quickly enough.

      Semantics, I know.... But there is a crucial difference.

      --
      Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
    4. Re:CNN Story by Bush+Pig · · Score: 2, Insightful

      Here in Australia, at least, we compare things _to_ each other, as well as _with_ each other. I'm pretty sure both usages are correct.

      --
      What a long, strange trip it's been.
  2. A good reason for using Firefox, or ... by eqkivaro · · Score: 3, Insightful

    users could pull their heads out of their asses and stop clicking on links in SPAM.

    1. Re:A good reason for using Firefox, or ... by Metzli · · Score: 2, Insightful

      Unfortunately, it's much easier to get people to switch browsers than to actually think.....

      --
      "It's too bad stupidity isn't painful." - A. S. LaVey
    2. Re:A good reason for using Firefox, or ... by chill · · Score: 5, Insightful

      users could pull their heads out of their asses and stop clicking on links in SPAM.

      Bzzzt, wrong answer.

      Most viruses come from people you know, since they exploit the address book feature. Most spam comes from people you never heard of.

      Thus, it is the links in the e-mail from people you KNOW, not spam, that is the problem.

      --
      Learning HOW to think is more important than learning WHAT to think.
    3. Re:A good reason for using Firefox, or ... by Zonnald · · Score: 1, Insightful

      I am not so sure about that.

      Most of the emails that I receive that have "Click Here" are coming from people I don't know, and often seem like derived names from various first and last names.

      BUT I STILL DON'T CLICK ON THE LINK.

    4. Re:A good reason for using Firefox, or ... by eqkivaro · · Score: 2, Insightful

      After watching the election this past week, I'd have to agree with you there.

    5. Re:A good reason for using Firefox, or ... by aardvarkjoe · · Score: 5, Insightful

      I don't usually get mail from people I know telling me that Paypal has charged my credit card.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  3. Better the losing side. by jbrelie · · Score: 5, Insightful

    Let's not be hasty. True, I love Firefox, but IE is a giant honey pot out there for malicious attackers. If too many people switch, they'll start targeting Firefox. As much as I hate to admit it, they WILL find flaws to target.

    1. Re:Better the losing side. by stefanlasiewski · · Score: 5, Insightful

      they WILL find flaws to target

      Sure, but will those flaws in Firefox be as serious as the flaws in IE?

      It seems like when Microsoft attempted to integrate IE with the OS, IE was allowed to access the OS in some very dangerous ways.

      For instance, why would earlier versions of IE write files to any directory without asking the User for permission?

      --
      "Can of worms? The can is open... the worms are everywhere."
  4. You mean like... by Anonymous Coward · · Score: 2, Insightful

    You mean like how Apache is #1 for vulnerabilities because it's the most popular web server?

    1. Re:You mean like... by Anonymous Coward · · Score: 1, Insightful

      He's comparing it to IIS, not IE.

      Apache is more popular than IIS. Which is compromised more?

  5. I hate to be picky... but.... by simetra · · Score: 2, Insightful
    the little image for this "worms" topic isn't a worm, it's a catipillar (sp?)... or a larvae of some sort. How about a real worm image?


    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  6. Impressive... by Alwin+Henseler · · Score: 2, Insightful
    That someone managed to find yet another flaw in IE. You'd think that after the number of bugs found in IE so far, it would be about 100% bug-free by now. But duhhh... I guess that's too optimistic.

    Beware of bugs in the above code; I have only proved it correct, not tried it. -Donald E. Knuth

  7. New Exploits improves IE? by Man+in+Spandex · · Score: 2, Insightful

    Microsoft should feel lucky that their crappy browser is being anal probed. By finding exploits like this they are forced to "improve" it. Improve might be a big word but imagine if there were exploits but no viruses/trojans/whatever, you would think that M$ would fix these exploited holes?

  8. until someone discovered a bug that redirects... by slew · · Score: 3, Insightful

    until someone discovered a bug that redirects to a pwn3d auto-update site, click a button wait a few kb download and voila... Yeah that might not happen, but don't think it is out of the range of possibility...

  9. Re:Install SP2 You Dummies by g0hare · · Score: 2, Insightful

    Now now, actually knowing how to use Windows is punishable by death on Slashdot. It amazes me how many people don't consider recompiling a kernel a nuisance, and these same people won't be bothered to actually read the documentation that comes with Windows 2k/xp/2003. Yeah. If you've been keeping up with patches this is a non-issue.

    --
    Vote Quimby!
  10. Re:McAfee VirusScan by That's+Unpossible! · · Score: 2, Insightful

    The *real* ironic twist to the story is that newer versions of McAfee VirusScan that Dell has been shipping requires Internet Explorer to be installed... and uses it to run the control center windows.

    I think I am missing something. Are you saying there are normally Windows versions of Dell machines that come without IE?

    Didn't think so.

    --
    Ironically, the word ironically is often used incorrectly.
  11. Re:Install SP2 You Dummies by Jugalator · · Score: 2, Insightful

    Or Windows XP SP2, which is not vulnerable.
    What kind of imbecile runs XP but not SP2?


    What's easier to change, Windows 2000 => XP SP2 or IE => Firefox?
    For a corporate environment (where, in many cases, most still run Windows 2000), I think I know which.

    --
    Beware: In C++, your friends can see your privates!
  12. Your trust is misplaced by DrSkwid · · Score: 2, Insightful

    you're trusting your include to provide the expected behaviour from printf

    you're trusting your compiler and linker to provide you with the expected behaviour from compiling and linking your source code

    you're trusting the kernel to not modify the behaviour of the syscalls required to print

    you're trusting the CPU to execute the instructions you think it executes

    Reflections on Trusting Trust

    Ken Thompson

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
    1. Re:Your trust is misplaced by Anonymous Coward · · Score: 2, Insightful

      All of your examples hold absolutely no water. They are all examples of exploits at a different level than the software. Obviously if you install software on an already-compromised environment, you cannot blame the software for problems down the road.

      We are -ASSUMING-, when evaluating code for security-conscious methodology, that the environment functions as advertised.

      Your examples are very nice for theoretical discussions, but some of us don't live in the classroom, we live in reality, where software really needs to have security briefs that don't border on the philosophical.

  13. Re:Software without security issues: by jrockway · · Score: 2, Insightful

    You would be surprised. Let's expand upon your program a bit.

    (pseudocode)

    program "evil":
    main(){
        close STDERR;
        exec passwd;
    }

    program "passwd" running setuid
    main(){
        open > /etc/passwd
        print STDERR "Password: "
    }

    Oops. The password file just got deleted. Security is hard :)

    (The reason? File descriptor STDERR is usually #2. However, fd #2 is closed and replaced with /etc/passwd, unknown to the passwd program.)

    --
    My other car is first.
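
The descriptor reuse described in the comment above, together with the usual guard, as an added example that is not part of the original thread. The names `ensure_std_fds` and `run_victim` are hypothetical, a scratch file stands in for `/etc/passwd`, and a forked child stands in for the setuid program, so nothing here runs with privileges.

```c
/* Added example: a closed stderr lets the next open() claim fd 2. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Guard: occupy any closed slot among fds 0-2 with /dev/null. */
static int ensure_std_fds(void)
{
    int fd;
    do {
        fd = open("/dev/null", O_RDWR);
        if (fd < 0) return -1;
    } while (fd <= STDERR_FILENO);
    return close(fd);               /* first descriptor above 2 is not needed */
}

/* Runs the simulated "passwd" in a child whose stderr was closed by its
 * launcher. Returns the size of `path` afterwards, or -1 on error. */
static long run_victim(const char *path, int hardened)
{
    static const char prompt[] = "Password: ";
    struct stat st;
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ensure_std_fds() != 0) _exit(1);   /* normalise the environment */
        close(STDERR_FILENO);                  /* what "evil" did before exec */
        if (hardened && ensure_std_fds() != 0) _exit(1);
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd < 0 || write(STDERR_FILENO, prompt, sizeof prompt - 1) < 0)
            _exit(1);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

int main(void)
{
    const char *path = "fd_reuse_demo.tmp";    /* constructed scratch file */
    printf("unguarded: %ld bytes of prompt landed in the file\n", run_victim(path, 0));
    printf("guarded:   %ld bytes\n", run_victim(path, 1));
    return unlink(path);
}
```

Without the guard, the prompt is written into the data file because `open()` returns the lowest free descriptor; with it, fd 2 already points at `/dev/null` before the file is opened.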
  14. Re:SP2 immunity by Jeff+DeMaagd · · Score: 2, Insightful

    XP isn't the entire Windows world.

    IIRC, for every XP computer, there is one computer running Windows 2000 installation, and probably one running Win9x too. I wonder if this is the sooner updates is one feature Microsoft is trying to have to push people to upgrading.

  15. Re:SP2 by Anonymous Coward · · Score: 2, Insightful

    And where do I find this Windows 98 SP2????

  16. Re:Install SP2 You Dummies by toddestan · · Score: 2, Insightful

    What kind of imbecile runs XP but not SP2?

    I do, why upgrade? XP SP2 is slower, has even more annoying widgets, and there is a considerable risk that my computer won't boot anymore if I install it. I think the big question is what kind of imbecile still runs IE, even if they have XP SP2?

  17. Re:SP2 immunity by bedessen · · Score: 3, Insightful

    Just playing devil's advocate here, but if there was a security vulnerability in an open-source project which affected older versions of the software -- but not the current released/stable version -- then this would be a non-story. "Foo v1.25 has a vulnerability? Well it's the user's fault for not running v1.30 which fixed that bug." But it's Microsoft, so somehow all the laws of software are different....