New Trojan Threatens Windows XP SP 2
lightdarkness writes "Symantec is reporting about a new virus called Phel (Anagram of 'help') which is a Trojan which spreads via an HTML file. All the user needs to do is go to the page, and it takes advantage of the vulnerability in the IE Help control component files. This allows the attacker to download malicious programs onto the machine. Worst part is, this is one of the exploits that even affects SP2. Microsoft is said to be working to stop the spread, and to release a patch." The exploit is apparently not the same as the help file problems disclosed last week.
Oh... yeah... IE is great... no need to change it until longhorn...
so what exactly processes HTML in windows again? Some third party plugin? No... IE? ahhh... what a shame... and here I thought that there was no need to do anything to IE as it is so perfect...
---
Programming is like sex... Make one mistake and support it the rest of your life.
Relying on Windows for security is like fighting for peace, or screwing for virginity. 'Nuff said.
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
Nope, Firefox is not a threat to Internet Explorer .. Internet Explorer is a threat to Internet Explorer!
The problem is, the end users who will visit these types of sites, especially in IE (the same users who will open e-mails for free Vioxx or Rolex watches)
To tell you the truth, the help system in XP seems to be much better than in past versions. I have actually used it a few times to learn about command syntax or to find obscure configuration tabs.
...becoming ridiculous?
Customers in the U.S. who believe they have been attacked should contact their local FBI office or post their complaint online at www.ifccfbi.gov
Non MS users should contact the FBI and tell them we don't want our tax dollars to go to phel. Let Microsoft deal with it.
That's good, blame the victim. Just what sites are those? Where's the big list of sites you shouldn't visit? We might know where to avoid, but how is Joe User going to know?
Typical MSFT response. Instead of fixing their busted ass software they blame the victim. How's the weather in Redmond today?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
This is a good example of why "IE only looks bad because it has the most market share" is at best dubious, and why IE is going to continue to struggle with problems that don't affect other browsers.
In particular, here we have problems in a scriptable ActiveX control for presenting Windows Help files. It's nice to have that available for Windows integration, and maybe for intranet Web applications (though regular Web pages are fine for the vast majority of online help), but people don't need it for regular Web surfing. There have been tons of flaws in these preloaded ActiveX controls, but Microsoft seems unwilling to change its policy to reduce this attack surface.
Microsoft's software is becoming ridiculous!
It's been there for quite a while...
The only good thing is that constant media coverage (it's even *slowly* trickling into mainstream media) makes more and more people aware. Few of them will look for alternatives. Many of those make the switch to Firefox (because it's easy and has the added bonus of suppressing these banner ads) but only a small number actually looks for another OS - because the only viable desktop alternative is still the Mac and those are expensive.
1) The list of FORMER competitors of MS is a long one... anyone remember DR-DOS, which always got better reviews in the trade journals? Let's add Borland, Lotus, Star Office, etc. etc. A rational person has some humility and/or fear when confronted with a proven champion, regardless of the methods the champion uses.
2) Unlike other companies, MS can survive a disaster - (either DOS 4 or 5) was a dog that would have killed any other company; MS survived to fight another day (e.g., Borland died when they were late with one product). I'm sure /. readers can supply many other examples of companies that died when their single flagship product was late or buggy; only MS can live to fight another day, with its cash flow and monopoly positions.
3) IMHO, MS has developed an unusual corp ability - the ability to throw money at a problem and solve it. If Gates and Ballmer were really interested, they could release a new IE next year.
4) Gates is laughing at /. and Firefox 'cause they are playing the wrong game. I don't think he cares a flying f*ck about technical superiority, or bloat or stuff like that; he cares about market share. For all we know, he may be happy that the 10% of the market consisting of geeks is distracted by Linux and Firefox - it never makes economic sense for a biz to care about more than 80% of the market.
5) There is something kinda pathetic and geekish and teenagerish in this constant gloating about bugs in MS products. Maybe worm writers don't write for *nix because that is not where the market is - if you are interested in making money, and not tech bragging rights, why would you care about the geeks using Linux? No money and hard to cheat - just not a soft target (the same principle by which "insurgents" choose unarmored Iraqis over armored mobile Americans).
Until there is some reasonably similar user base, any comparison of worms or bugs or whatever you want to call them, between nix and MS, is meaningless. It's sort of like comparing gas mileage between GM and solectra. Just not a comparison that has meaning in the real world of sales and market share.
6) Since the game Gates is playing is market share and sales and PROFITS, maybe he is not that interested in the OS or the browser - maybe they think OSs and Browsers will become commodity objects, and the money is in apps.
Think about IBM selling its PC division - companies exist to make money, not technically superior products. Sometimes you can win on technical superiority; sometimes not.
Won't this also occur in email with Outlook and Outlook Express? They use the same control that IE does to process the HTML.
This could make for a much worse case than having to visit a web site. Just have the preview pane open with these apps and get a spam that contains the exploit.
This is what is known as a "negative external" in economic lingo.
Basically, Microsoft does not care about the costs of security because it does not affect its bottom line. The costs are "external" to MS.
So, why does the government (meaning we, the people...) allow MS to cost industry, government and citizens billions of dollars without sanction? If this was Exxon spilling oil all over baby seals they would have to pay (a fraction) of the clean up costs and get all sorts of bad PR. With MS it's just Business as Usual.
Kind Regards
"A few great minds are enough to endow humanity with monstrous power, but a few great hearts are not enough to make us w
Security has to be part of the initial design, you can't retrofit it.
A motorcycle will always be inherently less safe than a Volvo, no matter what else you do to it. (Sure, a safe rider can be safer than an idiot in a Volvo.)
The design decisions that went into IE make it impossible to secure, not difficult, not expensive, but IMPOSSIBLE.
ActiveX is the most obvious example where functionality/usability/ease-of-use totally overrode security in the design. You can't fix that, just like you can't make a motorcycle safe by adding seatbelts (more here: http://sans.org/rr/whitepapers/awareness/1509.php).
Saying it's the user's fault is like giving someone a book of matches in a dynamite factory and saying "it's your fault for lighting the match".
IE is a wonderful inTRAnet explorer, filling out timesheets in a low-risk network. Using it on the inTERnet is like entering a demolition derby on a motorbike.