BBC Site Used as IE Attack Lure

← Back to Stories (view on slashdot.org)

BBC Site Used as IE Attack Lure

Posted by ryuzaki0 on Thursday March 30, 2006 @02:23PM from the reads-good-enough-to-be-true dept.

capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."

21 of 83 comments (clear)

Min score:

Reason:

Sort:

How is this news? by Anonymous Coward · 2006-03-30 14:26 · Score: 3, Interesting

So... they used BBC news as bait... WOW! It's not like they took over the BBC site and used it.
1. Re:How is this news? by TommyBlack · 2006-03-30 14:55 · Score: 4, Funny
  
  WOW! It's not like they took over the BBC site and used it.
  No, of course not. I'm the one who did that.
  
  Click here to read an interesting BBC story about it
  
  --
  Why do my serious comments get modded "funny"?
eWeek is retarded... by ninja_assault_kitten · 2006-03-30 14:27 · Score: 3, Insightful

"The hits keep coming in..." Yeah, 1 every hour. The media wants to make this the most critical vulnerability that ever existed. What a joke.
Erm, why is this a story? by baldass_newbie · 2006-03-30 14:27 · Score: 5, Insightful

I mean, a known bug is exploited and it's using quoted text from the BBC site.
If they do it again tomorrow with text from nytimes.com would that be another story?

--
The opposite of progress is congress
1. Re:Erm, why is this a story? by i_should_be_working · 2006-03-30 14:41 · Score: 4, Funny
  
  Maybe slashdot will be spoofed next. That will be a story. That could be the story. Emails that read:
  
  "Tech website Slashdot article links to vulnerability exploiting websites. Read more here"
  
  And whoever submits it to /. won't even have to rephrase it.
2. Re: Erm, why is this a story? by Black+Parrot · 2006-03-30 14:53 · Score: 4, Funny
  
  > If they do it again tomorrow with text from nytimes.com would that be another story?
  
  And will it be safe to read about it at BBC?
  
  --
  Sheesh, evil *and* a jerk. -- Jade
3. Re:Erm, why is this a story? by Firehed · 2006-03-30 15:59 · Score: 5, Funny
  
  Wouldn't this end up creating some sort of infinate dupe-loop and tear the fabric of space-time?
  
  --
  How are sites slashdotted when nobody reads TFAs?
4. Re:Erm, why is this a story? by richdun · 2006-03-30 16:26 · Score: 4, Funny
  
  Possibly. It'd be the first exploit that required soul-sucking registration to activate it.
Now I'm worried.... by Black+Copter+Control · 2006-03-30 14:30 · Score: 4, Funny

From TFA:
Click here to read more about drive-by attacks on the Internet Explorer vulnerability.
And if I click there, just what do I get?
(Times like this I'm glad that I use linux ... Until, of course, the next zero-day firefox hole, at which point I'll switch to konqueror or..).

--
OS Software is like love: The best way to make it grow is to give it away.
1. Re:Now I'm worried.... by the-amazing-blob · 2006-03-30 14:45 · Score: 5, Funny
  
  And if I click there, just what do I get?
  I don't understand why everyone is so afraid of these things. They monitor us, keep track of us. The kind of thing a girlfriend would do if we had one. Think of keyloggers and the like as your new Girlfriend (beta 0.2, results may vary)
2. Re:Now I'm worried.... by Mal-2 · 2006-03-30 16:40 · Score: 3, Funny
  
  > Think of keyloggers and the like as your new Girlfriend (beta 0.2, results may vary)
  
  I'm worried about the child processes that will be spawned...
  
  Mal-2
  
  --
  How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
WOW! by jav1231 · 2006-03-30 14:44 · Score: 4, Funny

An IE vulnerability! That's news!
Fake URLS Suck! by Giant+Ape+Skeleton · 2006-03-30 14:53 · Score: 5, Funny

According to This article, using bogus URL's to trick people is still the most effective social engineering trick in the book. Of course, that may not apply to those in the Slashdot community :p

--
The difference between stupidity and genius is that genius has its limits.
1. Re:Fake URLS Suck! by MBCook · 2006-03-30 15:03 · Score: 5, Funny
  
  I clicked your link.
  It's an apache configuration page!
  I'M BEING HACKED!
  AAAAAAaaaaahhhhhh......
  I'd better call the FBI!
  
  --
  Comment forecast: Bits of genius surrounded by a sea of mediocrity.
2. Re:Fake URLS Suck! by Anonymous Coward · 2006-03-30 15:09 · Score: 3, Funny
  
  woah, whoever maintains that site is one sick f*cker.
3. Re:Fake URLS Suck! by jftitan · 2006-03-30 15:18 · Score: 3, Funny
  
  Tech Support : I'm sorry sir, but Apache is the name for the webserver software used to run your webpage.
  
  you:..... AHHHHHHHHHH
  
  Tech Support: You go right ahead and call the FBI and Police, I'll be sure to let them know about everything, right after I shoot off our transcribed converation to your local news agency.
  
  you: (what you say, next will make an interesting conversation)
  
  --
  "Don't Forget to Salt the Fries"
My SITE HAS BEEN HIJACKED by Billly+Gates · 2006-03-30 15:00 · Score: 4, Funny

MY name is James Taylor and I clicked on your link and then the web went down all by itself!

It was taking over by a hostile native american terrorist organization called apache running on Gentoo gnu/linux. Damit hacker! I need to call the FBI over and sue you for this.

--
http://saveie6.com/
Newsworthy? by Yomer333 · 2006-03-30 15:20 · Score: 3, Interesting

Not really sure why this is even news. After a computer security competition last weekend, I had the chance to talk to professional security auditors, i.e. hackers. The reason I bring it up is that at one point, one of them said that "he had a web page he would like everyone to visit...with firefox." Needless to say, this scared the shit out of me. After pressing for more info of browser related exploits, he said that IE7 is suprisingly solid security-wise. Same goes for Vista, at least the parts of it that are finished (no more ldap). I shudder at the thought of IE pushers trying to convince people to switch away from firefox because it's not secure enough. I don't know, food for thought.
1. Re:Newsworthy? by bunratty · 2006-03-30 15:32 · Score: 3, Informative
  
  Gosh. I'm glad you told me this. Now I'll know better and ignore all those warnings about extremely critical vulnerabilities in Internet Explorer from Secunia I keep seeing.
  
  --
  What a fool believes, he sees, no wise man has the power to reason away.
2. Re:Newsworthy? by zcat_NZ · 2006-03-30 16:47 · Score: 3, Interesting
  
  What's the URL?
  
  I can name plenty of URL's that install drive-by spyware on MSIE (astalavista.box.sk, serials.ws). Go ahead and give me even one solitary URL that installs drive-by spyware through firefox. Just one! I promise I will visit it with firefox, and let you know the results.
  
  --
  455fe10422ca29c4933f95052b792ab2
What harm in bundling the browser? by chill · 2006-03-30 15:24 · Score: 4, Insightful

So, what harm is there in bundling the browser with the OS shipped on 90% of the retail PCs in the world? What harm is there in integrating the browser into the core of the operating system?

Apparently, if you bundle a half-ass product where only lip service was paid to security, the cost is greater than anyone realizes. IE was crammed in there with the sole purpose of crushing Netscape and dominating the Internet market. It was rushed, with slipshod quality and security only as an afterthough -- and that only by the PR department.

"Where do you want to go today?" seems to have found an answer... ...let's stop by your bank and credit card accounts on the way to an organized crime hangout and/or third-world country! Fun!

-Charles

--
Learning HOW to think is more important than learning WHAT to think.