New Trojan Threatens Windows XP SP 2

lightdarkness writes "Symantec is reporting about a new virus called Phel (Anagram of 'help') which is a Trojan which spreads via a HTML file. All the user needs to do is go to the page, and it takes advantage of the vulnerability in the IE Help control component files. This allows the attacker to download malicious programs on to the machine. Worst part is, this is one of the exploits that even effects SP2. Microsoft is said to be working to stop the spread, and to release a patch." The exploit is apparently not the same as the help file problems disclosed last week.

They always want to catch the bad guys...

[borfast]

Microsoft is working to forensically analyze the malicious code in Phel and will work with law enforcement agencies to identify and bring to justice those responsible for the malicious activity, he said.

They always want to catch the bad guys but Microsoft itself is never held responsible fot the damages their crippled software causes.

As a software developer myself, I know it's almost impossible to make a big software product 100% bug free but come on... Microsoft's software is becoming ridiculous!

Re:I wonder how much market share...

[eyeball]

Microsoft will lose before it manages to put out a new and more secure version of IE (assuming that is even possible ;-)).

Or a lite version. They're fighting an uphill battle -- they need to keep their code compatible with the buttload of non standard features they've introduced over the years (mainly things like activex windows-specific plugins) that people have build applications on top of. If they were to release something that was stripped down (yet retained all the functionality of something on the level with Firefox) and gave the user a choice to install the backwards-compatible mess, they might get out of this situation.

Of course they won't because that gives people a migration path off IE (and eventually off Windows).