[Eagle9]

New Exploit Rocks IE, Downloads Scores Of Spyware, Adware (9/19/2006)
http://www.freerepublic.com/focus/f-news/1704561/posts

(excerpt

The new exploit seems to have a connection to WebAttacker, an multi-exploit attack "kit" created by a Russian group that sells for as little as $15 to $20. ,b>"We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."

Sites said he expects that the exploit will migrate to one of the so-called "iframe cash" sites -- the term comes from the iframecash.biz site -- which use affiliates to push unpatched exploits to a large number of other Web sites, some of which are legitimate addresses whose servers have been previously compromised.

"This could end up being in lots and lots of places," said Sites.

________________________________________________________________

If it does spread to legitimate addresses that have vulnerable servers, then waiting until October 10 for a patch for IE could be very risky.

[P-40]

Use another browser:

That is some good advice there. :)

[Red Badger]

USE FIREFOX!!!!!!!!!!!!!!!.........

[Fury]

Thanks for posting...

[Eagle9]

"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.

Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.

If Microsoft Windows Update web site will accept Firefox with either of those two extensions, then banking and MS Exchange/Outlook Web Mail and other IE only web sites should also accept it.

[firewalk]

bttt

[HOYA97]

Why are Mac's not affected by virus's? Is this in fact true? I am considering getting one for work and I would like your comments.

Thanks!

[FReepaholic]

Thanks for posting this. I've followed the instructions for creating the GPO and have applied it to our test network for testing.

[VeniVidiVici]

Summary of all MS threads:

Blah, blah, blah, Firefox. Blah, blah, blah, MS sucks. Blah, blah, blah Mac. Blah, blah, blah why people still use is beyond me. Blah, blah, blah Linux.

[js1138]

Server 2003 is not vulnerable. PCs having a decent virus scanner or anti-spyware program are not vulnerable. I'm betting that 64 bit cpus are not vulnerable.

[MadIvan]

I use Swiftfox, a variant of Firefox for Linux. No problems here.

Regards, Ivan

[Toby06]

How do you clean it out if you already have it?

[COEXERJ145]

I've been using IE7 since it was in Beta. Works great for me.

[montag813]

Users who want to protect themselves now, however, do have options.

Yes they do

[Darnright]

bump

[BlessedBeGod]

A couple of questions:

1) Re "Disable the vulnerable .dll":
What is that .dll used for, and what will be affected if it's disabled?


2) Re disabling Binary and Script Behaviors in IE6 and the following instructions:
(-- Select Tools|Internet Options in IE
-- Click the "Security" tab
-- Click "Internet," then "Custom Level"
-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.)

I don't have anything specifically called "Binary and Script Behaviors" under "Active X Controls and Plug-Ins". All I have are:
Download Signed ActiveX Controls (I already have set as Disabled)
Download Unsigned ActiveX Controls (Disabled)
Initialize and Script ActiveX Controls Not Marked as Safe (Disabled)
Run ActiveX Controls and Plug-Ins (Disabled)
Script ActiveX Controls Marked Safe for Scripting (Disabled)

Am I okay there?

Thanks for your help!

[JerseyHighlander]

ping for later.

[Wormwood]