New Exploit Rocks IE, Downloads Scores Of Spyware, Adware
Posted on 09/19/2006 5:36:00 PM PDT by Eagle9
An unpatched vulnerability in all editions of Microsoft's Internet Explorer browser is being exploited, security researchers said Tuesday, with the attack dumping a broad range of adware, spyware, and Trojans onto PCs whose users simply surf to an infected or malicious site.
First reported by Sunbelt Software -- although rival Internet Security Systems claimed it was the first to discover the bug -- the vulnerability is in how IE renders VML (Vector Mark-up Language), an extension of XML that defines on-the-Web images in vector graphics format. The previously unknown -- and thus unpatched -- bug inside IE is already being used by attackers.
So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites.
"First they were pushing Virtumondo adware," said Sites, "but by late afternoon yesterday, these sites were distributing more than 40 different types of malware, including keyloggers, adware, and backdoors."
The new exploit seems to have a connection to WebAttacker, a multi-exploit attack "kit" created by a Russian group that sells for as little as $15 to $20. "We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."
Sites said he expects that the exploit will migrate to one of the so-called "iframe cash" sites -- the term comes from the iframecash.biz site -- which use affiliates to push unpatched exploits to a large number of other Web sites, some of which are legitimate addresses whose servers have been previously compromised.
"This could end up being in lots
(Excerpt) Read more at techweb.com ...
We are currently unaware of a practical solution to this problem. Until a patch or update is available, consider the following workarounds:
Refer to the following workarounds listed in Microsoft Security Advisory (925568):
I choose to use an alternative solution: Firefox or Opera as my browser.
So... you wanna ping Bush2k?
Only idiots or masochists still use IE. Smart, sane people use Firefox, Mozilla/Seamonkey, and/or Opera 9.
I'm with you. Not only is Firefox minus the MS security bugs, it was faster than IE from the first day. Now, I have converted many friends and relatives to Mozilla's browser and their Email client (Thunderbird) as well. And, the Mozilla community has new extensions and plug-ins for both apps all the time.
I used it for quite some time after a friend recommended it and went back to IE for it is more user friendly.
"So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites. "
Oh, well. I guess I'm safe then, since I never go to porn sites. Porn sites have had nasty adware on them for years.
The last time I heard from him, he was buying a Mac.
As of this point in time, while I conduct various forms of business on line, I have found that none restrict me to the use of IE. Entities which formerly did require IE either have become compatible with Firefox or have created other means to work around limiting folk to IE. [Discover Card is an example.]
You must be a Dale Carnegie heir.
I use Firefox for all my online use. But I have a few applications that won't recognize Firefox as my default browser.
My county clerk's website refuses to do any financial transactions unless the user has IE.
Firefox. It's better anyway IMO. Lots better.
You gotta be kidding.
That guy is a True Believer®
Go to the next county board meeting and ask them why they're wasting taxpayer's dollars...
If I'm online and have to go to a website that only accepts IE, I'll get their e-mail and send them a note telling them that until they accept Firefox, I'll not be visiting. I don't use IE and will not under any circumstances unless work required. And fortunately, I have to use IE there but it's on a company network that's isolated. Otherwise, it's Firefox for me.
Clearly...George Bush's fault.
"As many on line applications only accept IE as their default I would like to know how you would allow them to accept Fire fox."
Easy, use Firefox for your day to day sites, avoid the porn sites, and only use IE for the online application sites that require IE. Don't connect to any other site with IE except the application. This isn't foolproof but it does minimize the risk.
I'm a Mac user. If I was going to fight them it would be to get them to support Safari, but I'm not in the mood to beat my head against the wall ;-}
I never had any issues with applications using Firefox, nor do I have anything against it; however, I find IE to be more catering to me personally in allowing more time doing business and less time figuring.
Firefox IMO is a good browser, I just prefer IE and don't have the adverse issues using it that have been discussed.