New Trojan Threatens Windows XP SP 2
lightdarkness writes "Symantec is reporting about a new virus called Phel (Anagram of 'help') which is a Trojan which spreads via an HTML file. All the user needs to do is go to the page, and it takes advantage of the vulnerability in the IE Help control component files. This allows the attacker to download malicious programs onto the machine. Worst part is, this is one of the exploits that even affects SP2. Microsoft is said to be working to stop the spread, and to release a patch." The exploit is apparently not the same as the help file problems disclosed last week.
...Microsoft will lose before it manages to put out a new and more secure version of IE (assuming that is even possible ;-)). I keep hearing from friends who work as IT managers that they are systematically blocking access to IE and installing Firefox on their corporate clients (although that doesn't really shut IE down). IE's getting a really bad rap even in those environments where Microsoft marketing used to have more influence than cold hard facts... and if they don't do something decisive about it rather than releasing ad-hoc patches they're going to have a hell of a time restoring confidence in their product. Then again, they've been able to bounce back before... and it's not like they don't have the money to spend on marketing!
Good for you! But with all these vulnerabilities and resulting spyware bogging down your Windows install, the shit creeping in before you manage to download & install the latest patches, I am really impressed you actually get any work done (and managed to make this Slashdot post).
I don't consider yet another worm 0wning my box and handing it over to a spammer, a little thing. But okay, YMMV.
XPLite to remove the darn thing!
Since this is so easy to catch, someone needs to write and distribute a version of this that installs a P2P client, to give the people that are being sued by the *AA's an 'out'...
Posting Anonymously, for obvious reasons...
Hi, I'm also a proud Canadian, and I agree that it's silly for a nation to call itself 'America' (a group of continents!) as if it was the only country IN America. BUT, I don't agree with your 'real' American bit. Don't make the same mistake with which we're unhappy. And also, if you're going to make radical statements, make sure your grammar and spelling are correct, otherwise, your message loses all credibility.
I just pooped your party.
Not quite... there are some cases in which a compromised web site can serve as a 'launch pad' for malware. There are "some" cases like this and not "a lot" because the vast majority of attacks are done by script kiddies who have no fsking idea what and how they are doing it.
I had one server compromised because of a web application vulnerability... and after I finished diagnosing, fixing, patching and checking I could only say: "Thank God it wasn't someone who knew what and how to ... [all my nightmares here]"
While I agree with what you say, I can't stop myself from asking: "How can you delete an email which might be full of malware without seeing it?". (I'm sure some might say it can be done... I even did it under OE by shift-selecting the previous and next message, deleting all of them, undeleting the others.) But the idea is that no potential malware should be executed automatically.
Users shouldn't be made responsible for design flaws or implementation faults.