Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Exploits Unpatched IE Flaw

Posted by Zonk on from the unfriendly-haxxors dept.

onebuttonmouse writes "The Register reports on a trojan spotted in the wild that takes advantage of the so-far unpatched IE vulnerability mentioned on Slashdot earlier this week. From the article: 'The release of a Trojan that exploits an unpatched IE hole has prompted speculation that Microsoft may release an emergency out-of-cycle security patch. Delf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites. The attack relies on a flaw in the way IE handles requests to the window() object.'"

32 of 177 comments (clear)

  1. Fix just came out. by suso · · Score: 5, Funny

    The fix for this is here

    1. Re:Fix just came out. by SatanicPuppy · · Score: 4, Funny

      ...and redirect surfers onto porn sites.

      Fix? It's not a bug, it's a feature. Maybe IE is improving!

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    2. Re:Fix just came out. by realnowhereman · · Score: 2, Insightful

      I like en_GB as much as the next man; but I'd hazard a guess that en_GB is lower priority as we can get by perfectly well with en_US. Slovenia, Norway and Finland - probably not so much.

      --
      Carpe Daemon
    3. Re:Fix just came out. by MtViewGuy · · Score: 4, Insightful

      That would be great if you didn't have to update all your themes and extensions and/or wait for updated themes and extensions just to support Firefox 1.5. You'd think everyone would be more timely on this.

    4. Re:Fix just came out. by Crayon+Kid · · Score: 4, Informative

      Unfortunately, Firefox 1.5 is also affected by the bug. Granted, it only freezes up and has to be killed manually, so it's not as severe as remote code execution. Still...

      --
      i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
  2. Thank god... by Anonymous Coward · · Score: 2, Funny

    Thank god I still use Mosaic. Hey, if it ain't broke...

    1. Re:Thank god... by timster · · Score: 4, Funny

      Oh gods... if it ain't broke, it ain't Mosaic.

      --
      I have seen the future, and it is inconvenient.
  3. Dupe... by NardofDoom · · Score: 5, Funny

    We heard about this same sort of thing hundreds of times. The editors really need to read the articles more carefully...

    --
    You have two hands and one brain, so always code twice as much as you think!
  4. This is great! by GauteL · · Score: 4, Funny

    "elf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites."

    So it is basically automated pr0n! From now on, you won't have to use your left hand.

  5. Flaw? by CaymanIslandCarpedie · · Score: 5, Funny

    and redirect surfers onto porn sites

    Sounds more like a feature to me ;-)

    --
    "reality has a well-known liberal bias" - Steven Colbert
    1. Re:Flaw? by TCFOO · · Score: 2, Insightful

      Sounds more like a feature to me ;-)

      Unless you don't want to see that stuff.

      Think about this. 10 year old little Jimmy is on Yahoolagins playing Go Fish, and Delf-DH desides to work its majic jest as his mother walks into the room. The poor kid is going to have a sore rear end because of some malware and an IE security flaw.

  6. what's the problem... ;) by Dtyst · · Score: 5, Funny

    Average joe search for p0rn
    He fins a site with virus that gets installed on his computer.
    Virus finds the pr0n for him....
    Both win!

  7. Wait a minute! by ThatGeek · · Score: 2, Interesting

    You mean that IE isn't 100% dedicated to perfect security?

    I don't see the point of these announcements. People who care about not getting hacked are using Firefox, Opera, Safari or Lynx at this point.

    People who still use IE... well... they probably won't do much in response to this warning anyway.

    --
    What are you eating? isItVeg?.
    1. Re:Wait a minute! by supra · · Score: 2, Insightful

      > People who care about not getting hacked are using [a non-IE browser]
      Unfortunately there are still some sites that require IE, if for no other reason than ActiveX.
      A friend works w/ a site whose interface is primarily ActiveX. He doesn't want to use IE, but at least for that site, it's his job if he doesn't. That starts the snowball effect (personal settings, bookmarks, default browser, etc) which makes it harder to *only* use IE for that particular site.
      Sad but true.

      --
      On a computer or under a hood.
  8. Re:disable active scripting ... by tehshen · · Score: 4, Informative

    Disable what? Enable what? IE should be secure, I shouldn't need to work around it.

    --
    Guy asked me for a quarter for a cup of coffee. So I bit him.
  9. Very Scary! by roman_mir · · Score: 4, Funny

    Apparently this wild trojan uses IE to direct a very specific type of attack against /., which results in dupe stories being posted!

    --
    You can't handle the truth.
  10. Re:disable active scripting ... by tehshen · · Score: 3, Insightful

    I was trying to say that Microsoft should never offer this as a patch - it's not a patch, it's just turning off functionality, akin to fixing a leaky pipe by disconnecting the water. (Though as a temporary fix, it works)

    --
    Guy asked me for a quarter for a cup of coffee. So I bit him.
  11. I hate this style of commenting. by Vo0k · · Score: 3, Funny

    "The Register reports on a [[register article|trojan spotted in the wild]] that takes advantage of the so-far unpatched IE [[|Slashdot story|vulnerability]] mentioned on Slashdot earlier this week."

    That should be done like this:

    "The Register [[register article|reports]] on a [[a page with the trojan|trojan spotted in the wild]] that takes advantage of the so-far unpatched IE [[How to exploit?|vulnerability]] [[Slashdot story|mentioned on Slashdot]] earlier this week."

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  12. porn on linux by lithod02 · · Score: 3, Funny

    So, if I run IE under wine on linux I can get all the free pr0n delivered to my desktop. Nice. Click the big blue "E" for free e-pr0n

  13. Re:disable active scripting ... by digitaldc · · Score: 3, Funny

    Their reply would be: you really don't need the water anyway.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  14. One Care Live by VisceralLogic · · Score: 2, Informative

    Maybe they're selling the fix through the new anti-virus software?

    --
    Stop! Dremel time!
  15. Crapware by PacketScan · · Score: 2, Insightful

    Would this be the 6 month old exploit that MS didn't feel was important enough to take care of? Complete Crap..

  16. This is the perfect example by this+great+guy · · Score: 4, Insightful

    ...of why we say that MS doesn't care enough about the security of its users. MS should be even more committed into improving the speed of development & QA of security patches. This particular zero-day vuln is known since at least one week, and MS still hasn't distributed a fix. Delaying the release of a fix to Patch Tuesday doesn't make any sense when the vuln details are already publicly known. They should at least release beta patches (if the QA process is not yet complete) for users who NEED security and can afford potential stability problems. Other users can wait for Patch Tuesday if they want.

    But one week is nothing compared to other vulns. Look at this list of other currently unpatched holes in MS products: http://www.eeye.com/html/research/upcoming/index.h tml. Some of them has been reported months ago and are still unfixed. This is inadmissible for a multi-billion dollars company.

    1. Re:This is the perfect example by Tschepsit · · Score: 2, Insightful
      This is inadmissible for a multi-billion dollars company.
      No, this would be standard practice for a multi-billion dollars company. Left hand, meet...oh crap, where'd right hand go?
  17. i need a copy please by LodCrappo · · Score: 2, Funny

    could anyone point me to where I might pickup this gem of a virus? I'm a little bored and was hoping to "research" the auto-pr0n capabilities. Reinstalling IE now...

    --
    -Lod
  18. In other news... by ZachPruckowski · · Score: 5, Funny

    The Sky is blue!

    Bears still crap in the woods!

    Amazingly, the Pope is Catholic!

  19. Lets keep it fair! by XMilkProject · · Score: 4, Interesting

    Before everyone gets too worked up bashing IE, as in the previous few articles on this exploit, let's remember that this problem was freezing/crashing FireFox 1.5 also.
    Although the security threat isn't existent in FireFox, the browser still fails on these pages.

    Now before I get flamed, let it be known that I think IE is a disaster and it's lack of standards compliance is one of the main things holding back proper advancment in web technologies, but we don't want to go and be unfair when our browser crashes too!

    --
    Big ones, small ones, some as big as yer 'ead!
    Give 'em a twist, a flick o' the wrist...
    1. Re:Lets keep it fair! by amrust · · Score: 2, Interesting

      I agree, fair is fair. But /. has been pretty good about making a big deal over "flaws" in Firefox, lately. It wasn't too long ago that I recall reading here almost once a week about some "new security vulnerability" in Firefox.

      Of course, I'm bitter about IE this week anyway, after trying like crazy to get IE to work with Outlook Web Access, for my wife in her office at home. Ran every update Microsoft asked for, searched every Knowledge base article I could find. No help. How did I resolve it?

      I switched my wife to Firefox, and it works just fine. One of her department heads (after telling them about how we fixed 'her email problem') basically replied "that's what we use at home, too. It's better and more secure, anyway."

      Microsoft better watch out. Like it or not, Firefox is creeping up on them, little by little.

      --
      VOTE!
    2. Re:Lets keep it fair! by ZachPruckowski · · Score: 4, Interesting

      Although the security threat isn't existent in FireFox, the browser still fails on these pages.

      "$RANDOM_WEBSITE crashes a browser" isn't worth a news article. It's worth a bug report, and a fix, either to the site or to the browser, but it isn't worth a news story. Major crashes and computers being remotely controlled, however, is a big deal.

  20. Re:disable active scripting ... by m50d · · Score: 4, Insightful

    And yet when someone suggests a firefox extension as a fix for something, that's all well and good.

    --
    I am trolling
  21. MS updated Live but not IE... by MWales · · Score: 2, Interesting

    So, the vulnerability is 6 months old, and it never got fixed as a minor risk. It got escalated to a highly critical risk (by almost all security bulletin systems) over 1 week ago, when a proof of concept came out showing that a malicious site could cause take control of PC remotely. Now there is even malicious trojans out on the net exploiting this hole in IE.

    So in 1 week, what did MS do? The promoted their new Live product of course. Microsoft released a security advisory stating that no patch exists to fix the problem, but you can visit the Windows Live Safety Center and get the trojan removed by Microsoft. So instead of using some resources to fix the problem, they instead devoted resources to their "anti-virus" software, and promote it as the workaround. Well, one wonders, if this causes them to get significant visibility and traffic to their new product, why bother even fixing the original problem?

  22. 3rd time reported, and its still not news by GISGEOLOGYGEEK · · Score: 2, Insightful

    Thanks slashdot, you've now reported this non-story 3 times.

    How about we start reporting every little problem with non-MS products 3 times each ... instead of maybe reporting every 5th problem.

    It's time for a little balance here!

    --
    George Bush + Linux = "I will not let information get in the way of the fight against Windows"