Web browser flaw prompts warning (June 26)

Pepperoni

http://news.bbc.co.uk/2/hi/technology/3840101.stm
Users are being told to avoid using Internet Explorer until Microsoft
patches a serious security hole in it.
The loophole is being exploited to open a backdoor on a PC that could let
criminals take control of a machine.

The threat of infection is so high because the code created to exploit the
loophole has somehow been placed on many popular websites.

Experts say the list of compromised sites involves banks, auction and price
comparison firms and is growing fast.

Serious problem

The net watchdog, the US Computer Emergency Response Center (Cert), and the
net security monitor, the Internet Storm Center, have both issued warnings
about the combined threat of compromised websites and browser loophole.

Cert said: "Users should be aware that any website, even those that may be
trusted by the user, may be affected by this activity and thus contain
potentially malicious code."

In its round-up of the threat the Internet Storm Center bluntly stated that
users should if possible "use a browser other than MS Internet Explorer
until the current vulnerabilities in MSIE are patched."
 
Microsoft seem to be lax at times when it comes to deciding to actually fix
a problem. There are alternatives to Internet Explorer that work just
as well, if not better in some areas.
 
Of course, you might want to continue to use this alternative browser to
avoid being victimized by any future exploits of MSIE.
So much nicer to simply read about the tribulations of those
unfortunates, than to be one.
 
Mm, doncha just love vague warnings with no specifics. Bah...take this with a grain of salt, people.
 
It was vague because the method is still being investigated, and the malware
downloaded varied greatly. The malicious website from which the malware
packages were downloaded was blocked. (Friday, I believe)

So far the server/browser combination has not been given a single name. In
its warning about the problem Microsoft calls it download.ject but others,
such as F-Secure, are calling it Scob.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126241

http://www.microsoft.com/security/incident/download_ject.mspx

The trojan was acquired by merely visiting an altered web page. It took
several days to identify key files associated with the infection. The
presence of the files Kk32.dll and Surf.dat is an indication of
exposure. Additional packages were downloaded, and varied widely.
Currently the downloads are blocked, but variants are being expected.
Current AV updates should detect and remove the critter.
 
I wonder if OffByOne, 'the 1 meg wonder browser' would have
been affected. It's the first browser I try on unknown sites.
If it's a NoGo, I next try Firefox with Java and JavaScript
disabled. I have IE6 fully updated and set up to be 'dumb as
a box of rocks', but seldom use it.

BoB
 
I haven't found a site yet that compromised OB1,
nor Opera for that matter. I think you have to have the proper worm
handler plugin installed, you know, the one called MSIE/OE <g>
 