Slashdot Mirror


BBC Site Used as IE Attack Lure

capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."

6 of 83 comments

  1. eWeek is retarded... by ninja_assault_kitten · Score: 3, Insightful

    "The hits keep coming in..." Yeah, 1 every hour. The media wants to make this the most critical vulnerability that ever existed. What a joke.

  2. Erm, why is this a story? by baldass_newbie · Score: 5, Insightful

    I mean, a known bug is exploited and it's using quoted text from the BBC site.
    If they do it again tomorrow with text from nytimes.com would that be another story?

    --
    The opposite of progress is congress
  3. Wow by mboverload · Score: 1, Insightful

    Wow, saying a link is something that it's not to lure victims! What a novel idea!

    *chokes*

  4. What harm in bundling the browser? by chill · Score: 4, Insightful

    So, what harm is there in bundling the browser with the OS shipped on 90% of the retail PCs in the world? What harm is there in integrating the browser into the core of the operating system?

    Apparently, if you bundle a half-ass product where only lip service was paid to security, the cost is greater than anyone realizes. IE was crammed in there with the sole purpose of crushing Netscape and dominating the Internet market. It was rushed, with slipshod quality and security only as an afterthought -- and that only by the PR department.

    "Where do you want to go today?" seems to have found an answer... ...let's stop by your bank and credit card accounts on the way to an organized crime hangout and/or third-world country! Fun!

      -Charles

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:What harm in bundling the browser? by Tim C · Score: 2, Insightful

      > It was rushed, with slipshod quality

      Maybe we're thinking of different versions of IE, but while I agree with your comments on security, I can't agree with that statement.

      I remember IE 3; it was no match for Netscape 3 in terms of features or stability. Compared to Netscape 4 it was laughable; Navigator shat all over it from a great height.

      Then IE 4 came out, and everything changed.

      IE 4 was far more stable, faster and had more features. As an example, when resizing the window, Netscape had to rerequest the page from the server; IE did not. Netscape crashed on average a couple of times a day for me, both under Windows and Linux. When Mozilla development started and they published their set of browser torture tests, I distinctly remember one page that featured a lot of deeply nested tables. IE (5?) rendered it in a handful of seconds; Netscape 4 took over a minute.

      Now don't get me wrong, I have never and likely never will use IE as my primary browser. I went straight from Netscape 4 to one of the milestone builds of Mozilla (and currently use Firefox). Despite all the issues with Netscape 4 (instability, increasing number of sites that didn't work with it, etc) I simply could not bring myself to use IE. Even now, the only time I use IE is when I have to, if a site doesn't work in Firefox (generally my fault these days due to an over-zealous Adblock config) or if I have to for a site I'm working on at work. I'm no IE fan-boy; quite the opposite in fact, I can't stand it.

      However, saying that IE was of "slipshod quality" is disingenuous at best. Yes, modern browsers are superior to IE 6 in almost every regard, but at the time that IE was being integrated into Windows, it had little or no competition.

      > let's stop by your bank and credit card accounts on the way to an organized crime hangout and/or third-world country! Fun!

      What's wrong with surfing a site in a third-world country?

  5. April 11??? by Black Copter Control · Score: 2, Insightful

    So Microsoft is planning to release a patch for this zero-day drive-by attack on April 11.....

    Hackers Thank God for Microsoft Marketing Policy.

    The policy may be designed to make life easier on sysadmins (or, at least, their managers), but it also makes life easier on hackers. I mean, if I had a zero day exploit, I'd start using it on patch day. That way I'd probably have a full month to exploit it before Microsoft released their scheduled patch.

    Scheduled monthly patches are fine for non-critical issues, but when you have zero-day drive-by exploits like this, you've got to have a policy that puts user security ahead of marketing hype. Waiting until you have a full-fledged epidemic is not the way to secure your users' future.

    --
    OS Software is like love: The best way to make it grow is to give it away.