Slashdot Mirror
New Trojan Threatens Windows XP SP 2
lightdarkness writes "Symantec is reporting about a new virus called Phel (Anagram of 'help') which is a Trojan which spreads via a HTML file. All the user needs to do is go to the page, and it takes advantage of the vulnerability in the IE Help control component files. This allows the attacker to download malicious programs on to the machine. Worst part is, this is one of the exploits that even effects SP2. Microsoft is said to be working to stop the spread, and to release a patch." The exploit is apparently not the same as the help file problems disclosed last week.
Oh... yeah... IE is great... no need to change it until longhorn...
so what exactly processes HTML in windows again? Some third party plugin? No... IE? ahhh... what a shame... and here I thought that there was no need to do anything to IE as it is so perfect...
---
Programming is like sex... Make one mistake and support it the rest of your life.
" Worst part is, this is one of the exploits that even effects SP2."
Oh, it causes SP2? That's absolutely terrible - it must be stopped!
...Microsoft will lose before it manages to put out a new and more secure version of IE (assuming that is even possible ;-)). I keep hearing from friends who work as IT managers that they are systematically blocking access to IE and installing Firefox on their corporate clients (although that doesn't really shut IE down). IE's getting a really bad rap even in those environments where Microsoft marketing used to have more influence than cold hard facts... and if they don't do something decisive about it rather than releasing ad-hoc patches they're going to have a hell of a time restoring confidence in their product. Then again, they've been able to boounce back before... and it's not like they don't have the money to spend on marketing!
The day Microsoft makes a product that doesn't suck is the day they make a vacuum cleaner.
Relying on Windows for security is like fighting for peace, or screwing for virginity. 'Nuff said.
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
Sorry, couldn't resist the anagram. Here's the source code for the phel trojan. This trojan is written in a very high level language. By a strange temporal accident involving a singularity, an anagram, and MS's open-door policy, the source code closely resembles a certain song lyric that goes by the same name.
;-)
The lyrics are kinda fitting, don't you think?
[snip]
When I was younger, so much younger than today,
I never needed anybody's help in any way.
But now these days are gone, I'm not so self assured,
Now I find I've changed my mind and opened up the doors.
Help me if you can, I'm feeling down
And I do appreciate you being round.
Help me, get my feet back on the ground,
Won't you please, please help me.
And now my life has changed in oh so many ways,
My independence seems to vanish in the haze.
But every now and then I feel so insecure,
I know that I just need you like I've never done before.
Help me if you can, I'm feeling down
And I do appreciate you being round.
Help me, get my feet back on the ground,
Won't you please, please help me.
[/snip]
- Help by The Beatles
if this is what they meant with "extensible platform": http://slashdot.org/article.pl?sid=04/12/30/185323 2&tid=113
nope, Firefox is not at threat to Internet Explorer .. Internet Explorer is a threat to Internet Explorer!
The problem is, the end users who will visit these types of sites, especially in IE (the same users who will open e-mails for free Vioxx or Rolex watches)
Microsoft is working to forensically analyze the malicious code in Phel and will work with law enforcement agencies to identify and bring to justice those responsible for the malicious activity, he said.
They always want to catch the bad guys but Microsoft itself is never held responsible fot the damages their crippled software causes.
As a software developer myself, I know it's almost impossible to make a big software product 100% bug free but come on... Microsoft's software is becoming ridiculous!
Trojans in IE counts as news still? Its like someone throws us a surprise party every three months and we feel obliged to keep acting surprised.
"A man is but the product of his thoughts what he thinks, he becomes." -Mahatma Gandhi
Customers in the U.S. who believe they have been attacked should contact their local FBI office or post their complaint online at www.ifccfbi.gov
Non MS users should contact the FBI and tell them we don't want our tax dollars to go to phel. Let Microsoft deal with it.
That's good, blame the victim. Just what sites are those? Where's the big list of sites you shouldn't visit? We might know where to avoid, but how is Joe User going to know?
Typical MSFT response. Instead of fixing their busted ass software they blame the victim. How's the weather in Redmond today?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
This is a good example of why "IE only looks bad because it has the most market share" is at best dubious, and why IE is going to continue to struggle with problems that don't affect other browsers.
In particular, here we have problems in a scriptable ActiveX control for presenting Windows Help files. It's nice to have that available for Windows integration, and maybe for intranet Web applications (though regular Web pages are fine for the vast majority of online help), but people don't need it for regular Web surfing. There have been tons of flaws in these preloaded ActiveX controls, but Microsoft seems unwilling to change its policy to reduce this attack surface.
1) the list of FORMER competitors of MS is a long one..anyone remember DR-DOS, which always got better reviews in the trade journals ? Lets add borland, lotus, star office, etc etc. A rationale person has some humility and or fear when confronted with a proven champion, regardless of the methods the champion uses.
/. readers can supply many other examples of companies that died when there single flagship product was late or buggy; only MS can live to fight another day, with its cash flow and monomply posistions.
/. and firefox cause they are playing the wrong game. I don't think he cares a flying f*ck about technical superiority, or bloat or stuff like that; he cares about market share. For all we know, he may be happy that the 10% of the market consisting of geeks is distracted by linux and firefox - it never makes economic sense for a biz to care about more then 80% of the market.
2) Unlike other companies, MS can survive a disaster - (either DOS 4 or 5) was a dog that would have killed any other company; MS survived to fight another day (eg, borland died when they were late with one product). I'm sure
3) IMHO, MS has developed an unusual corp ability - the ability to throw money at a problem and solve it. IF gates and ballmer were really interested, they could release a new IE next year.
4) Gates is laughing at
5) there is something kinda pathetic and geekish and teenagerish in this constant gloating about bugs in MS products. Maybe worm writers don't write for *nix because that is not where the market is - if you r interested in making money, an not tech bragging writes, why wd u care about the geeks using linux. no money and hard to cheat - just not a soft target (the same principal by which "insurgents" choose unarmored Iraqis over armored mobile americans.
Untill there is some reasonably similar user base, any comparision of worms or bugs or whatever you want to call them, between nix and ms, is meanignleess. Its sort of like comparing gas mileage between GM and solectra. Just not a comparison that has meaning in the real world of sales and market share.
6) Since the game gates is playing is market share and sales and PROFITS, maybe he is not that interested in the OS or the browser - maybe they think OSs and Browsers will become commodity objects, and the money is in apps.
think about ibm selling its pc division - companies exist to make money, not technically superior produdts. Sometimes you can win on technical superiority; sometimes not
/begin{Sarcasm}
You know, when I found out that Microsoft would no longer develop IE for Macs, I was so sad.
\end{Sarcasm}
Having done so much with so little for so long, I now can do anything with nothing at all.
I would like to take this moment to accept the apologies of all the assholes who said things like, "windows is secure, just upgrade to sp2." I'm sure that all of you feel much better after saying that you are sorry and admitting that you were wrong.
The Farewell Tour II