Slashdot Mirror


IE Vulnerability Exposing Banking Logins, Spreading Rapidly

jfruh writes "A vulnerability in Internet Explorer 9 and 10 that allows attackers to target banking login info, first reported on February 13, is being exploited in the wild, and attacks are spreading rapidly. Sites compromised by the malware run the gamut from the U.S. Veterans of Foreign Wars site, to a site frequented by French military contractors, to a Japanese dating site. Microsoft has released a 'fix-it tool' but not a regular patch."

7 of 93 comments

  1. HAH!! I use IE6! by Anonymous Coward · Score: 5, Funny

    I'm immune!!!!

  2. Band Aid Security Industry Top to Bottom by BoRegardless · Score: 4, Insightful

    CEOs have ignored security researchers since the start of the modern internet, because CEOs only want "Results now!"

  3. Re:Is IE Really to Blame? by quickOnTheUptake · Score: 4, Informative

    The compromised site is being used to host/inject the exploit. The vulnerability that is being exploited is in IE 9 & 10, and allows code execution. It is being used to get the credentials for other--non-compromised--websites.

    --
    Mod points: Guaranteed to remove your sense of humor.
    Side effects may include gullibility and temporary retardation

  4. Re:Hmmm... by The Rizz · Score: 5, Interesting

    Well, for one thing, the anti-MS slant has been tapering off here for years; they're no longer seen as "Big Evil", but more of a "McComputer" sort of thing.

    For another thing, most /. readers may like the OSS movement, but they primarily work in Windows, have friends who use Windows, have family who use Windows, and are often the ones who provide tech support to those friends/family/co-workers. Knowledge of these vulnerabilities does more good for more people than knowledge of the latest bugs in Epiphany.

  5. Re:Laugh by hcs_$reboot · Score: 4, Interesting

    People still use IE?

    Yes. Many non-IT companies require their users to use only IE, due to *security concerns* (the security concerns being that everybody should use the default browser provided with the OS, and not a random one of choice). This is usually the case where the CIO/IT management has been holding that same position for a relatively long time, signing that same yearly contract with Microsoft for OS+Office. In short, keeping the same IT environment is the recipe for ensuring there is no change on the IT management side either.

    --
    Slashdot, fix the reply notifications... You won't get away with it...

  6. Re:Is IE Really to Blame? by 140Mandak262Jamuna · Score: 4, Informative

    Microsoft says "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated".

    Clearly the wild pointer read error is in IE not in the server. They need to hack the server to post the exploit code in their server. But they could also create the same vulnerability in a site owned by them. No need to hack. But it is more difficult to lure visitors to the newly created malware site. That is why they need to hack a well-visited site to upload the hack. But all visitors to that site using Chrome and Firefox and other versions of IE are not affected. Fault lies solely on these versions of IE.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact

  7. If we were serious about security... by ggraham412 · Score: 4, Interesting

    ... we would stop loading up web browsers with "features" that only help content providers shove ever more ads and video down our gullets.