New Exploit Rocks IE, Downloads Scores Of Spyware, Adware

TechWeb ^ | September 19, 2006 | Gregg Keizer

[Eagle9]

An unpatched vulnerability in all editions of Microsoft's Internet Explorer browser is being exploited, security researchers said Tuesday, with the attack dumping a broad range of adware, spyware, and Trojans onto PCs whose users simply surf to an infected or malicious site.

First reported by Sunbelt Software -- although rival Internet Security Systems claimed it was the first to discover the bug -- the vulnerability is in how IE renders VML (Vector Mark-up Language), an extension of XML that defines on-the-Web images in vector graphics format. The previously unknown -- and thus unpatched -- bug inside IE is already being used by attackers.

So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites.

"First they were pushing Virtumondo adware," said Sites, "but by late afternoon yesterday, these sites were distributing more than 40 different types of malware, including keyloggers, adware, and backdoors."

The new exploit seems to have a connection to WebAttacker, an multi-exploit attack "kit" created by a Russian group that sells for as little as $15 to $20. "We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."

Sites said he expects that the exploit will migrate to one of the so-called "iframe cash" sites -- the term comes from the iframecash.biz site -- which use affiliates to push unpatched exploits to a large number of other Web sites, some of which are legitimate addresses whose servers have been previously compromised.

"This could end up being in lots

[Enterprise]

Perhaps it does explain something for me. I run Webroot Spy Sweeper a couple times a week because spyware seems to show up with regularity. Once, a back door trojan showed up. I do use IE occasionally, now I wonder if it has been the source of a lot of the crap that I have to get rid of with the Spy Sweeper.

[philetus]

III. Solution:XPLite

[FastCoyote]

"I choose to use an alternative solution: Firefox or Opera as my browser."

Ditto, at least for anything other than a bank site. I hope the financial industry starts supporting Firefox better. The handwriting is on the wall.

[FastCoyote]

"stop looking at porn and you dont have anything to worry about. :)"

Or, I could scoop my eyeballs out with a hot spoon. That and not looking at porn both have about the same probability of happening, though they are both a cure.

[bitt]

try the free

http://www.ewido.com
.

you won't believe what it finds!

also, keep using your pop-up blocker....

and I STILL like spybot search and destroy.

[Echo Talon]

lol :)

[Eagle9]

To really make these alerts effective they should post very detailed information on how to use the exploits.
That would really light a fire under their asses!

Ha ha! Yeah, that would do it. But even then, could MS issue a patch as quickly as Firefox?

Secunia has rated this vulnerability rated Extremely Critical and says that eight versions of MS Windows Server are unpatched. Does this mean that the key loggers and trojans can spread very quickly across the Internet and infect anyone using IE6, even though they have not visited a porn site? It also says that the solution for IE users is to deactivate support for Active Scripting. IE should have a NoScript extension -- easily turned off and on. :)

Secunia
http://secunia.com/advisories/21989

[Richard Kimball]

I just checked and Bush2000 hasn't posted since February 2006. Hope he's okay. He hasn't been banned. Anyone know anything? I always enjoyed the friendly banter.

[KoRn]

"It also says that the solution for IE users is to deactivate support for Active Scripting.

LOL! They should not even use it in that case.

[Eagle9]

You're quick!

[IncPen]

The banter as I saw it was not always friendly, but I don't wish him any ill

[185JHP]

BTTT

[DocRock]

bookmark

[Mr. Silverback]

OK, I'm getting Firefox tomorrow. Freakin Microsoft.

[Mr. Silverback]

Hmmm...I posted that before I noticed that most of the users encountering this problem are getting it at porn sites. I WILL NOT have that problem...but i'm still changing to firefox.

[ntnychik]

That's what I feel like, LOL.
I dread another black screen experience.

[DollyCali]

The joys of computer ownership/use BUMP.

thanks for info. I use mozilla 99% of time. The other day I could NOT open a weboage w/mozilla for some reason.. went to IE & no problem.

well, yes there was, The problem was that it bothered me that IE could do something Moz could not! (well, perhaps MS has loaded some "little treasures" to make Mozilla less than perfect?

[ForGod'sSake]

[potlatch]

Hmmm, don't know if you got to experience a bunch of black screens, lol. Blackout time!! Then they started dancing...

[Eagle9]

"We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."

Microsoft is often relatively slow with their patches to vulnerabilities in IE. If they are this time, changing to Firefox would be a wise move. I don't go to porn sites either.