Criminals Attacking Myspace, Facebook IE Plugins

An anonymous reader writes "According to the Washington Post's Security Fix blog, cyber criminals are populating the Internet with Web sites designed to exploit several recently-discovered security holes in a half-dozen widely used ActiveX plug-ins for IE 6 and 7, most notably the one offered by Facebook and MySpace to help users upload photos. The sites, advertised via links in email and instant message spam, also 'probe for other vulnerable IE plug-ins, including two recently discovered from Yahoo! and one for QuickTime (this one attacks a vulnerability Apple patched just last month). The sites also throw in an exploit against a six-month-old IE flaw.' The article notes that the SANS Internet Storm Center has released a GUI tool to help users safely deactivate the vulnerable plug-ins in the Windows registry."

Get rid of ActiveX

[CastrTroy]

Haven't they gotten rid of activeX(ploit) by now? I can't recall the last time I saw it being used for anything useful. It's nice that IE7 is somewhat standards compliant, and that IE8 will be even moreso, but if they can't fix/remove activeX, I think that they will really lose a lot more users to the more secure browsers.