Trojan Exploits Unpatched IE Flaw
onebuttonmouse writes "The Register reports on a trojan spotted in the wild that takes advantage of the so-far unpatched IE vulnerability mentioned on Slashdot earlier this week. From the article: 'The release of a Trojan that exploits an unpatched IE hole has prompted speculation that Microsoft may release an emergency out-of-cycle security patch. Delf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites. The attack relies on a flaw in the way IE handles requests to the window() object.'"
I was trying to say that Microsoft should never offer this as a patch - it's not a patch, it's just turning off functionality, akin to fixing a leaky pipe by disconnecting the water. (Though as a temporary fix, it works.)
Guy asked me for a quarter for a cup of coffee. So I bit him.
But one week is nothing compared to other vulns. Look at this list of other currently unpatched holes in MS products: http://www.eeye.com/html/research/upcoming/index.html.
Some of them were reported months ago and are still unfixed.
This is inadmissible for a multi-billion-dollar company.
And yet when someone suggests a Firefox extension as a fix for something, that's all well and good.
I am trolling
That would be great if you didn't have to update all your themes and extensions and/or wait for updated themes and extensions just to support Firefox 1.5. You'd think everyone would be more timely on this.