BBC Site Used as IE Attack Lure

capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."

How is this news?

So... they used BBC news as bait... WOW! It's not like they took over the BBC site and used it.

How ironic, the full article has drive by links

[rivj0r]

You'd have to be crazy to click on them while reading that article.

Newsworthy?

[Yomer333]

Not really sure why this is even news. After a computer security competition last weekend, I had the chance to talk to professional security auditors, i.e. hackers. The reason I bring it up is that at one point, one of them said that "he had a web page he would like everyone to visit...with firefox." Needless to say, this scared the shit out of me. After pressing for more info of browser related exploits, he said that IE7 is suprisingly solid security-wise. Same goes for Vista, at least the parts of it that are finished (no more ldap). I shudder at the thought of IE pushers trying to convince people to switch away from firefox because it's not secure enough. I don't know, food for thought.

Re:Newsworthy?

[zcat_NZ]

What's the URL?

I can name plenty of URL's that install drive-by spyware on MSIE (astalavista.box.sk, serials.ws). Go ahead and give me even one solitary URL that installs drive-by spyware through firefox. Just one! I promise I will visit it with firefox, and let you know the results.