Free Republic

New Exploit Rocks IE, Downloads Scores Of Spyware, Adware
TechWeb | September 19, 2006 | Gregg Keizer

Posted on 09/19/2006 5:36:00 PM PDT by Eagle9

An unpatched vulnerability in all editions of Microsoft's Internet Explorer browser is being exploited, security researchers said Tuesday, with the attack dumping a broad range of adware, spyware, and Trojans onto PCs whose users simply surf to an infected or malicious site.

First reported by Sunbelt Software -- although rival Internet Security Systems claimed it was the first to discover the bug -- the vulnerability is in how IE renders VML (Vector Mark-up Language), an extension of XML that defines on-the-Web images in vector graphics format. The previously unknown -- and thus unpatched -- bug inside IE is already being used by attackers.

So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites.

"First they were pushing Virtumondo adware," said Sites, "but by late afternoon yesterday, these sites were distributing more than 40 different types of malware, including keyloggers, adware, and backdoors."

The new exploit seems to have a connection to WebAttacker, a multi-exploit attack "kit" created by a Russian group that sells for as little as $15 to $20. "We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."

Sites said he expects that the exploit will migrate to one of the so-called "iframe cash" sites -- the term comes from the iframecash.biz site -- which use affiliates to push unpatched exploits to a large number of other Web sites, some of which are legitimate addresses whose servers have been previously compromised.

"This could end up being in lots

(Excerpt) Read more at techweb.com ...


TOPICS: Technical
KEYWORDS: browser; embracethepenguin; exploit; getamac; godiamtiredofthis; ie; lowqualitycrap; malware; microsoft; microsoftsecurity; ocrap; pr0nware; spyware; windows
US-CERT Vulnerability Note #416092

(excerpt)

III. Solution

We are currently unaware of a practical solution to this problem. Until a patch or update is available consider the following workarounds:

Refer to the following workarounds listed in Microsoft Security Advisory (925568):


Do not follow unsolicited links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

______________________________________________________________________

I choose to use an alternative solution: Firefox or Opera as my browser.

1 posted on 09/19/2006 5:36:04 PM PDT by Eagle9
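
The misleading-link techniques named in the US-CERT excerpt above (URL encoding, IP address variations, long URLs, intentional misspellings) can be screened for mechanically, for instance when reviewing links in mail or proxy logs. This is an added example, not part of the original thread or the US-CERT note; the allow-list, the length threshold, the flag names and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumptions (constructed for this example): hosts the reader really uses,
# and an arbitrary cut-off for what counts as a "long" URL.
KNOWN_HOSTS = {"microsoft.com", "us-cert.gov", "freerepublic.com"}
MAX_URL_LENGTH = 100


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of known hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_as_ip(host):
    """Return the dotted-quad form if host is a numeric address, else None."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    # "IP address variations": a whole IPv4 address written as one integer,
    # in decimal or hex, which some browsers resolve like a dotted quad.
    if re.fullmatch(r"0[xX][0-9a-fA-F]+|\d+", host):
        value = int(host, 0) if host.lower().startswith("0x") else int(host)
        if value < 2 ** 32:
            return str(ipaddress.IPv4Address(value))
    return None


def link_flags(url):
    """Return the list of heuristics a URL trips; an empty list means none."""
    flags = []
    host = (urlsplit(url).hostname or "").lower()
    if len(url) > MAX_URL_LENGTH:
        flags.append("long-url")
    # Percent-encoding plain ASCII letters or digits is never required, so it
    # usually means the readable form is being hidden.
    for match in re.finditer(r"%([0-9a-fA-F]{2})", url):
        char = chr(int(match.group(1), 16))
        if char.isascii() and char.isalnum():
            flags.append("needless-url-encoding")
            break
    ip = host_as_ip(host)
    if ip:
        flags.append("ip-literal-host")
    elif host:
        # Naive registered-domain guess: the last two labels of the host.
        base = ".".join(host.split(".")[-2:])
        for known in sorted(KNOWN_HOSTS):
            if 0 < edit_distance(base, known) <= 2:
                flags.append("lookalike:" + known)
    return flags


if __name__ == "__main__":
    # Constructed sample links; 192.0.2.1 is a documentation-only address.
    for sample in (
        "http://www.microsoft.com/technet/security/advisory/925568.mspx",
        "http://www.micros0ft.com/update",
        "http://192.0.2.1/%6c%6f%67%69%6e",
        "http://3221225985/",
    ):
        print(link_flags(sample), sample)
```

As the excerpt itself notes, a clean result does not make a link safe: none of these checks fire when a trusted site has been compromised.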

To: Swordmaker

So... you wanna ping Bush2k?

: )


2 posted on 09/19/2006 5:38:16 PM PDT by IncPen (Bush Iraq Truth WMD http://freedomkeys.com/whyiraq.htm)

To: Eagle9

Only idiots or masochists still use IE. Smart, sane people use Firefox, Mozilla/Seamonkey, and/or Opera 9.


3 posted on 09/19/2006 5:38:44 PM PDT by bigdcaldavis (Xandros : In a world without fences, who needs Gates?)

To: Eagle9

I'm with you. Not only is Firefox minus the MS security bugs, it was faster than IE from the first day. Now, I have converted many friends and relatives to Mozilla's browser and their Email client (Thunderbird) as well. And, the Mozilla community has new extensions and plug-ins for both apps all the time.


4 posted on 09/19/2006 5:40:22 PM PDT by Wuli

To: bigdcaldavis
As many online applications only accept IE as their default I would like to know how you would allow them to accept Firefox.
5 posted on 09/19/2006 5:41:52 PM PDT by rocksblues (Liberals will stop at nothing.)

To: rocksblues
As many online applications only accept IE as their default I would like to know how you would allow them to accept Firefox.

I used it for quite some time after a friend recommended it and went back to IE for it is more user friendly.

6 posted on 09/19/2006 5:46:13 PM PDT by EGPWS

To: Eagle9

"So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites."

Oh, well. I guess I'm safe then, since I never go to porn sites. Porn sites have had nasty adware on them for years.


7 posted on 09/19/2006 5:46:15 PM PDT by MineralMan

To: IncPen
So... you wanna ping Bush2k?

The last time I heard from him, he was buying a Mac.

8 posted on 09/19/2006 5:46:19 PM PDT by HAL9000 (Happy 10th Anniversary FreeRepublic.com - Est. Sept. 23, 1996 - Thanks Jim!)

To: rocksblues

As of this point in time, while I conduct various forms of business on line, I have found that none restrict me to the use of IE. Entities which formerly did require IE either have become compatible with Firefox or have created other means to work around limiting folk to IE. [Discover Card is an example.]


9 posted on 09/19/2006 5:47:14 PM PDT by Clara Lou (8-)

To: bigdcaldavis
Smart, sane people use Firefox, Mozilla/Seamonkey, and/or Opera 9.

You must be a Dale Carnegie heir.

10 posted on 09/19/2006 5:47:35 PM PDT by EGPWS

To: EGPWS

I use Firefox for all my online use. But I have a few applications that won't recognize Firefox as my default browser.


11 posted on 09/19/2006 5:49:12 PM PDT by rocksblues (Liberals will stop at nothing.)

To: Clara Lou

My county clerk's website refuses to do any financial transactions unless the user has IE.


12 posted on 09/19/2006 5:50:19 PM PDT by Vermonter

To: Eagle9

Firefox. It's better anyway IMO. Lots better.


13 posted on 09/19/2006 5:50:30 PM PDT by Principled

To: HAL9000
So... you wanna ping Bush2k?

You gotta be kidding.

That guy is a True Believer®

14 posted on 09/19/2006 5:51:47 PM PDT by IncPen (Bush Iraq Truth WMD http://freedomkeys.com/whyiraq.htm)

To: Vermonter
My county clerk's website refuses to do any financial transactions unless the user has IE.

Go to the next county board meeting and ask them why they're wasting taxpayers' dollars...

15 posted on 09/19/2006 5:52:41 PM PDT by IncPen (Bush Iraq Truth WMD http://freedomkeys.com/whyiraq.htm)

To: rocksblues

If I'm online and have to go to a website that only accepts IE, I'll get their e-mail and send them a note telling them that until they accept Firefox, I'll not be visiting..I don't use IE and will not under any circumstances unless work required..and fortunately, I have to use IE there but it's on a company network that's isolated..otherwise, it's Firefox for me..


16 posted on 09/19/2006 5:55:18 PM PDT by GeorgiaDawg32 (I'm a Patriot Guard Rider..www.patriotguard.org for info)

To: Eagle9

Clearly...George Bush's fault.


17 posted on 09/19/2006 5:55:41 PM PDT by mattdono (150 Million bloodthirsty Arabs vs. 4.8 Million Jewish Israelis. That's not fair. [Off Sarcasm])

To: rocksblues

"As many online applications only accept IE as their default I would like to know how you would allow them to accept Firefox."

Easy, use Firefox for your day to day sites, avoid the porn sites, and only use IE for the online application sites that require IE. Don't connect to any other site with IE except the application. This isn't foolproof but it does minimize the risk.


18 posted on 09/19/2006 5:58:42 PM PDT by driftdiver

To: IncPen

I'm a Mac user. If I was going to fight them it would be to get them to support Safari, but I'm not in the mood to beat my head against the wall ;-}


19 posted on 09/19/2006 5:58:51 PM PDT by Vermonter

To: rocksblues
But I have a few applications that won't recognize fire fox as my default browser.

I never had any issues with applications using FireFox nor do I have anything against it, however I find IE to be more catering to me personally in allowing more time doing business and less time figuring.

FireFox IMO is a good browser, I just prefer IE and don't have the adverse issues using it that have been discussed.

20 posted on 09/19/2006 5:58:54 PM PDT by EGPWS

To: EGPWS
You must be a Dale Carnegie heir.

I wish. :D
21 posted on 09/19/2006 5:59:15 PM PDT by bigdcaldavis (Xandros : In a world without fences, who needs Gates?)

To: rocksblues

It's the apps that require IE that are infuriating. Quickbooks Pro requires IE.


A fundraising donor tracking package a lot of nonprofits use, Giftworks from MissionResearch, is just a script running in IE, and as admin at that. They'll get killed by this. Heck, they get killed by the Kodak photo CDs from the Big Box stores, that one rewrites IE.

Lots of buck$ for those that repair computers.


22 posted on 09/19/2006 5:59:36 PM PDT by spudsmaki

To: bigdcaldavis
I wish. :D

LOL!

23 posted on 09/19/2006 5:59:56 PM PDT by EGPWS

To: bigdcaldavis

I love Opera9, good solid browser.


24 posted on 09/19/2006 6:03:21 PM PDT by Michael Barnes (May Satan grip the souls of those with American blood on their hands)

To: Eagle9
I'm sorry, but I can't reproduce the bug in Firefox on my MEPIS box.

Doesn't work on my Mac mini either.

Can someone verify this is a real issue, please?
25 posted on 09/19/2006 6:03:47 PM PDT by dyed_in_the_wool ("O you who believe! do not take the Jews and the Christians for friends" - Koran 5.51)

To: spudsmaki

"Heck, they get killed by the Kodak photo CDs from the Big Box stores, that one rewrites IE."

What does this mean?


26 posted on 09/19/2006 6:04:36 PM PDT by KyHammer (Where's Zarquawi ? ......Blowed up sir!)

To: Eagle9

Wouldn't a simple solution be to not go to porn sites?

(ducking)


27 posted on 09/19/2006 6:08:11 PM PDT by VanDeKoik (Fitzmas Has Been Canceled.)

To: EGPWS
I used it for quite some time after a friend recommended it and went back to IE for it is more user friendly.

I know I'm going to sound like a jackass, but it's a browser, right? I mean, I could care less (and use what you wish) but seriously, you type the URL and there you go.

Personally, I like the tabbed browsing and add-ons (adblock, no script, x-ray and the developer toolbar are indispensable to me.) But I find it stunning to hear a browser not be 'user-friendly'. Just surprised.
28 posted on 09/19/2006 6:08:45 PM PDT by dyed_in_the_wool ("O you who believe! do not take the Jews and the Christians for friends" - Koran 5.51)

To: VanDeKoik
Wouldn't a simple solution be to not go to porn sites?

<VOICE TYPE="SHATNER">What is...wrong...with you? Star Trek...and...porn are the...back...bone...of the internet. </VOICE>
29 posted on 09/19/2006 6:10:41 PM PDT by dyed_in_the_wool ("O you who believe! do not take the Jews and the Christians for friends" - Koran 5.51)

To: dyed_in_the_wool
US-CERT Vulnerability Note #416092

(excerpt)

References


http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
http://msdn.microsoft.com/workshop/author/vml/SHAPE/introduction.asp
http://www.microsoft.com/technet/security/advisory/925568.mspx

Credit

This vulnerability was reported by Sunbelt Software.

This document was written by Jeff Gennari.

Other Information

Date Public: 09/18/2006
Date First Published: 09/19/2006 11:14:35 AM
Date Last Updated: 09/19/2006
CERT Advisory:
CVE Name: CVE-2006-3866
Metric: 37.87
Document Revision: 26

30 posted on 09/19/2006 6:13:42 PM PDT by Eagle9

To: Eagle9

If a site requires me to use IE, I will generally email the contact people listed in the WHOIS record and then stop using the site. Since I use Linux as my desktop OS, using IE is not an option and I couldn't be happier. Again, I simply stop using that site if I have to use IE. The trick is not to use IE in the first place; and I never have. I've transitioned from Netscape -> Mozilla -> Firefox and never took that poison pill that is the blue e.

Secondly, IE is years behind in features. I cannot browse the web without tabs and the RSS/live bookmarks in Firefox. IE 6 with SP2, for example, finally included an integrated pop-up blocker. Opera and the Mozilla browsers had them since at least 2002. Tabs? Again, Opera has had them since the late 90's and Mozilla-based browsers since '02 or so. IE7 will have tabs, only a few years behind. RSS? Yup. For a couple of years now feeds can be incorporated into Firefox. IE7 will have them.

The development team for IE7 was given one directive: "copy Firefox."

If you don't ditch IE for security, the least you can do is ditch it for its dearth of features.

By the way, IE is also a piece of junk.


31 posted on 09/19/2006 6:15:07 PM PDT by bws53

To: KyHammer

I mean Kodak installs new DLLs, registry entries, and other goodies to run its picture browser. When you pop in the CD it is installed automatically. There is no uninstall. Wipe and reinstall.

This software won't install if you're running as a Limited User, but you're running as Admin, aren't you? I suspect this latest batch of spyware only installs as admin.

Sometimes, QB won't run after the Kodak changes. Hope you have a recent backup. Giftworks almost never runs. Many other apps barf on the changes.

BTW, Microsoft says XP was designed to run as admin in a KB article. I use a Mac.


32 posted on 09/19/2006 6:17:44 PM PDT by spudsmaki

To: spudsmaki

I had trouble with a Kodak disc that came with a camera. It sounded to me like you were talking about the discs with photos on them from a photo lab. Am I mistaken?


33 posted on 09/19/2006 6:30:12 PM PDT by KyHammer (Where's Zarquawi ? ......Blowed up sir!)

To: dyed_in_the_wool
I know I'm going to sound like a jackass,...

No you don't.

Like I said, I found it to be a very formidable browser while using it, however I prefer IE (apparently) for I went back to it.

I'm not a "dyed in the wool" supporter of IE, I just prefer it without getting into the intricacies as to what the two have to offer.

I'm happy with it for it does what I require of it to do for me.

34 posted on 09/19/2006 6:31:59 PM PDT by EGPWS

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

35 posted on 09/19/2006 6:43:33 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Eagle9
the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites.

stop looking at porn and you don't have anything to worry about. :)

36 posted on 09/19/2006 6:49:23 PM PDT by Echo Talon

To: bws53
If a site requires me to use IE, I will generally email the contact people listed in the WHOIS record and then stop using the site.

My Bank's internet banking requires IE or Netscape. I don't think it's worth changing banks over a browser. I use Firefox for most browsing, but I use IE for online banking.

37 posted on 09/19/2006 6:53:06 PM PDT by OrangeDaisy

To: ShadowAce

thanks - explains a lot about in the wild troubleshooting today........


38 posted on 09/19/2006 6:56:42 PM PDT by bitt ("And an angel still rides in the whirlwind and directs this storm.")

To: EGPWS

No worries. I just view browsers as having (for the most part) a narrow feature set. However, security shows a much different balance.

But last time I checked - it is America, so browse as you wish.


39 posted on 09/19/2006 6:57:48 PM PDT by dyed_in_the_wool ("O you who believe! do not take the Jews and the Christians for friends" - Koran 5.51)

To: Eagle9; potlatch; ntnychik; Smartass; Boazo; Alamo-Girl; PhilDragoo; The Spirit Of Allegiance; ...

save yourselves - ping!


40 posted on 09/19/2006 6:59:29 PM PDT by bitt ("And an angel still rides in the whirlwind and directs this storm.")

To: Eagle9

A website about drugs (legal OTC and prescription stuff) that was the top result on Google recently downloaded a trojan on my computer. The stupid thing would show as infecting my computer every time I rebooted even after the anti-virus said it cleaned it. It took several hours of running several online AV scans, deleting, rebooting and deleting system restores to get the stupid thing clean.


41 posted on 09/19/2006 7:02:23 PM PDT by OrangeDaisy

To: Eagle9

Another great commercial for firefox.


42 posted on 09/19/2006 7:06:29 PM PDT by mysterio

To: Vermonter; rocksblues

There are plug-ins for Firefox that let you change the reported "user-agent" (essentially the info sent to the server that tells it what browser you're using).

Don't know if that'd solve either of your respective problems, but could be worth a shot.


43 posted on 09/19/2006 7:13:25 PM PDT by Tree of Liberty (Islam delenda est)

To: bitt; devolve
save yourselves!

LOL, Spyware, sounds familiar


44 posted on 09/19/2006 7:15:08 PM PDT by potlatch (Does a clean house indicate that there is a broken computer in it?)

To: KyHammer

They're very similar. Why not just get a USB card reader and edit with Irfanview? Works better for me with my Nikon. You could also use Bibble, it's great.

If you do the Firefox thing install some add ins. I use UserAgentSwitcher, Adblock+, FilterSetGUpdater, CustomizeGoogle, NoScript, Unplug, Scrapbook, Flashblock, Fasterfox, Safecache, and Safehistory.


45 posted on 09/19/2006 7:17:08 PM PDT by spudsmaki

To: OrangeDaisy
You might want to take a look at Adblock Plus and Filterset.G

I've used them both for a while and very rarely do I see an advertisement, anymore.

46 posted on 09/19/2006 7:20:16 PM PDT by Tree of Liberty (Islam delenda est)

To: driftdiver
and only use IE for the online application sites that require IE.

That is exactly what I do. A very few sites that I use in my business only work with IE, and a few non work related sites. But these are sites that I am sure are not malicious. Generally, if it is not a necessary site and it only works with IE, then tough, I just don't use it. But really, I don't have to resort to IE much at all.

47 posted on 09/19/2006 7:26:26 PM PDT by ChildOfThe60s (If you can remember the 60s...you weren't really there.)

To: EGPWS

IE more user friendly? Only when it is run in the default set-up: With every security risk wide-open.


48 posted on 09/19/2006 7:26:37 PM PDT by TheBattman (I've got TWO QUESTIONS for you....)

To: EGPWS

A lot of times "user friendly" is really just what we are habitually accustomed to. And even still, the few things in FF that require an extra step, well, I figure it is a reasonable price to pay for all the other aspects that are superior.


49 posted on 09/19/2006 7:31:06 PM PDT by ChildOfThe60s (If you can remember the 60s...you weren't really there.)

To: potlatch


WebTV has no viruses, worms, trojans, popups

Amazing a dinky inexpensive unit by MSFT can ignore them

But expensive PCs require lots of fun stuff, firewalls, screens, security software

Makes one wonder

Do PC users enjoy the pain?

If they are so great why is a WebTV immune?





50 posted on 09/19/2006 7:46:30 PM PDT by devolve