BBC Site Used as IE Attack Lure

← Back to Stories (view on slashdot.org)

BBC Site Used as IE Attack Lure

Posted by ryuzaki0 on Thursday March 30, 2006 @02:23PM from the reads-good-enough-to-be-true dept.

capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."

13 of 83 comments (clear)

Min score:

Reason:

Sort:

Erm, why is this a story? by baldass_newbie · 2006-03-30 14:27 · Score: 5, Insightful

I mean, a known bug is exploited and it's using quoted text from the BBC site.
If they do it again tomorrow with text from nytimes.com would that be another story?

--
The opposite of progress is congress
1. Re:Erm, why is this a story? by i_should_be_working · 2006-03-30 14:41 · Score: 4, Funny
  
  Maybe slashdot will be spoofed next. That will be a story. That could be the story. Emails that read:
  
  "Tech website Slashdot article links to vulnerability exploiting websites. Read more here"
  
  And whoever submits it to /. won't even have to rephrase it.
2. Re: Erm, why is this a story? by Black+Parrot · 2006-03-30 14:53 · Score: 4, Funny
  
  > If they do it again tomorrow with text from nytimes.com would that be another story?
  
  And will it be safe to read about it at BBC?
  
  --
  Sheesh, evil *and* a jerk. -- Jade
3. Re:Erm, why is this a story? by Firehed · 2006-03-30 15:59 · Score: 5, Funny
  
  Wouldn't this end up creating some sort of infinate dupe-loop and tear the fabric of space-time?
  
  --
  How are sites slashdotted when nobody reads TFAs?
4. Re:Erm, why is this a story? by richdun · 2006-03-30 16:26 · Score: 4, Funny
  
  Possibly. It'd be the first exploit that required soul-sucking registration to activate it.
Now I'm worried.... by Black+Copter+Control · 2006-03-30 14:30 · Score: 4, Funny

From TFA:
Click here to read more about drive-by attacks on the Internet Explorer vulnerability.
And if I click there, just what do I get?
(Times like this I'm glad that I use linux ... Until, of course, the next zero-day firefox hole, at which point I'll switch to konqueror or..).

--
OS Software is like love: The best way to make it grow is to give it away.
1. Re:Now I'm worried.... by the-amazing-blob · 2006-03-30 14:45 · Score: 5, Funny
  
  And if I click there, just what do I get?
  I don't understand why everyone is so afraid of these things. They monitor us, keep track of us. The kind of thing a girlfriend would do if we had one. Think of keyloggers and the like as your new Girlfriend (beta 0.2, results may vary)
WOW! by jav1231 · 2006-03-30 14:44 · Score: 4, Funny

An IE vulnerability! That's news!
Fake URLS Suck! by Giant+Ape+Skeleton · 2006-03-30 14:53 · Score: 5, Funny

According to This article, using bogus URL's to trick people is still the most effective social engineering trick in the book. Of course, that may not apply to those in the Slashdot community :p

--
The difference between stupidity and genius is that genius has its limits.
1. Re:Fake URLS Suck! by MBCook · 2006-03-30 15:03 · Score: 5, Funny
  
  I clicked your link.
  It's an apache configuration page!
  I'M BEING HACKED!
  AAAAAAaaaaahhhhhh......
  I'd better call the FBI!
  
  --
  Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Re:How is this news? by TommyBlack · 2006-03-30 14:55 · Score: 4, Funny

WOW! It's not like they took over the BBC site and used it.
No, of course not. I'm the one who did that.

Click here to read an interesting BBC story about it

--
Why do my serious comments get modded "funny"?
My SITE HAS BEEN HIJACKED by Billly+Gates · 2006-03-30 15:00 · Score: 4, Funny

MY name is James Taylor and I clicked on your link and then the web went down all by itself!

It was taking over by a hostile native american terrorist organization called apache running on Gentoo gnu/linux. Damit hacker! I need to call the FBI over and sue you for this.

--
http://saveie6.com/
What harm in bundling the browser? by chill · 2006-03-30 15:24 · Score: 4, Insightful

So, what harm is there in bundling the browser with the OS shipped on 90% of the retail PCs in the world? What harm is there in integrating the browser into the core of the operating system?

Apparently, if you bundle a half-ass product where only lip service was paid to security, the cost is greater than anyone realizes. IE was crammed in there with the sole purpose of crushing Netscape and dominating the Internet market. It was rushed, with slipshod quality and security only as an afterthough -- and that only by the PR department.

"Where do you want to go today?" seems to have found an answer... ...let's stop by your bank and credit card accounts on the way to an organized crime hangout and/or third-world country! Fun!

-Charles

--
Learning HOW to think is more important than learning WHAT to think.