Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest Version of MyDoom Exploits New IE Flaw

Posted by michael on from the zero-day-wormz dept.

techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.

11 of 435 comments (clear)

  1. CNN Story by AKAImBatman · · Score: 4, Insightful

    It's pretty neat how far FireFox is beginning to spread. CNN carried this story on TV just a half-hour ago. They mentioned that FireFox was becoming the most popular alternative to IE. My coworkers (who's job includes watching CNN) came by and asked me why this FireFox thing is better. I told them about tabbed browsing, popup blocking, lack of security issues, and other niceties.

    One of the coworkers downloaded FireFox right away. I actually expected him to take a little while to wean off of IE. After I showed him FireFox's features, however, he set FireFox to his default browser and deleted his IE shortcuts! I think we're definitely making headway. :-)

    --
    Javascript + Nintendo DSi = DSiCade
    1. Re:CNN Story by scribblej · · Score: 5, Insightful

      "Lack of security issues?"

      Okay, I'll grant you that FireFox is probably more secure than IE. But to say it lacks security issues is going a little further than I'd go, myself. In fact, I'd be willing to bet you $10 that it has security issues of it's own.

      Don't sell your friend a dream. Set his expectations realistically. No software is bulletproof. No software lacks security issues.

      Firefox f-ing rocks, no doubt about it. It blows IE out of the water. It probably has far fewer security holes. But to say it "lacks security issues" is naieve.

      Don't believe everything you read on slashdot. A lot of these people have an agenda to meet.

    2. Re:CNN Story by That's+Unpossible! · · Score: 4, Insightful

      As a fellow grammar Nazi, let me explain that the person you're responding to meant Firefox lacks security issues COMPARED TO INTERNET EXPLORER.

      It's like saying a program lacks features. Obviously you don't mean it has no features -- just that it lacks features, WHEN COMPARED TO ANOTHER PRODUCT.

      --
      Ironically, the word ironically is often used incorrectly.
    3. Re:CNN Story by LuxFX · · Score: 3, Insightful

      Firefox f-ing rocks, no doubt about it. It blows IE out of the water. It probably has far fewer security holes. But to say it "lacks security issues" is naieve.

      The last security bug I remember hearing about in Firefox had a working patch to fix the problem very quickly. In fact, it was released by about the time I had finished reading the alert in the first place. Microsoft, on the other hand, takes considerably longer.

      It's one thing to admit there are security vulnerabilities in Firefox. There have been, and there will continue to be vulnerabilities discovered in Firefox. But as long as the Firefox community fixes these vulnerabilities as quickly as they have in the past, I don't think it's fair to say that Firefox has security issues.

      Microsoft, of course, has both security vulnerabilities and security issues. It becomes an issue when the vulnerabilities aren't dealt with quickly enough.

      Semantics, I know.... But there is a crucial difference.

      --
      Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
  2. A good reason for using Firefox, or ... by eqkivaro · · Score: 3, Insightful

    users could pull their heads out of their asses and stop clicking on links in SPAM.

    1. Re:A good reason for using Firefox, or ... by chill · · Score: 5, Insightful

      users could pull their heads out of their asses and stop clicking on links in SPAM.

      Bzzzt, wrong answer.

      Most viruses come from people you know, since they exploit the address book feature. Most spam comes from people you never heard of.

      Thus, it is the links in the e-mail from people you KNOW, not spam, that is the problem.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:A good reason for using Firefox, or ... by aardvarkjoe · · Score: 5, Insightful

      I don't usually get mail from people I know telling me that Paypal has charged my credit card.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  3. Better the losing side. by jbrelie · · Score: 5, Insightful

    Let's not be hasty. True, I love Firefox, but IE is a giant honey pot out there for malicious attackers. If too many people switch, they'll start targeting Firefox. As much as I hate to admit it, they WILL find flaws to target.

    1. Re:Better the losing side. by stefanlasiewski · · Score: 5, Insightful

      they WILL find flaws to target

      Sure, but will those flaws in Firefox as serious as the flaws in IE?

      It seems like when Microsoft attempted to integrate IE with the OS, IE was allowed access the OS in some very dangerous ways.

      For instance, why would earlier versions of IE write files to any directory without asking the User for permission?

      --
      "Can of worms? The can is open... the worms are everywhere."
  4. until someone discovered a bug that redirects... by slew · · Score: 3, Insightful

    until someone discovered a bug that redirects to a pwn3d auto-update site, click a button wait a few kb download and voila... Yeah that might not happen, but don't think it is out of the range of possibility...

  5. Re:SP2 immunity by bedessen · · Score: 3, Insightful

    Just playing devil's advocate here, but if there was a security vulnerabilty in an open-source project which affected older versions of the software -- but not the current released/stable version -- then this would be a non-story. "Foo v1.25 has a vulnerability? Well it's the user's fault for not running v1.30 which fixed that bug." But it's Microsoft, so somehow all the laws of software are different....