Don't Visit Websites With Microsoft IE
from the as-if-you-didn't-know-this-was-coming... dept
It really is getting ridiculously dangerous these days for anyone to keep using Microsoft IE. People always talk about the day when scammers will start to use “zero day exploits” to smash through security holes before they’re patched, and that’s clearly already happening. The latest move, which is fairly advanced (and many assume is being done by organized crime groups in Eastern Europe) is to hack into a variety of popular company websites and install some code to exploit a known IE vulnerability that has not been patched by Microsoft. Once this is done, any IE user visiting any of these websites (which they obviously would assume to be safe based on the companies involved) ends up with some of the most insidious keylogging spyware. The article won’t list the companies, but from the descriptions they sound like sites anyone might visit on a regular basis (banks, auction sites and comparison shopping engines). This sounds quite similar to the Interland hack from last year, but could impact many more users.
Comments on “Don't Visit Websites With Microsoft IE”
surfers are safe
According to the original source at Internet Storm Center, there are 2 different infections going on. M$ IIS servers are vulnerable to an exploit that is undetectable by current virus scanners. However, visitors to infected servers are safe, because a separate method of infection is used there: a common JavaScript exploit, and a common trojan horse is downloaded. The trojan horse IS detected by current virus scanners, it’s a “known” trojan horse.
Don’t get me wrong, I do use and prefer Firefox. There’s just been a lot of misunderstanding about this current development, and only because CNET, Slashdot, Techdirt, aren’t reading the Internet Storm Center article carefully.
Re: surfers are safe
The note about AV software blocking this was added later after they were updated… It wasn’t an issue of not reading it carefully, but reading it too early.
What if
There are even more insidious bugs for non-IE browsers, and no one realized it? Maybe such users start getting mysterious bills from collection agencies, their kids disappear, ….
Re: What if
Well I for one would LOVE to see you back that up…I mean it pays to stay well informed.
So you got any concrete info to these insidious bugs that we can look up?
Re: Re: What if
I would say you just demonstrated the biggest security flaw of non-IE browsers: its users chauvinistically refuse to believe there can be any security holes.
But e.g.
http://www.squarefree.com/burningedge/
talks about a “firefox security hole”, dated June 15th. If these other browsers are so bulletproof, how come they keep coming out with new versions?
Re: Re: Re: What if
Yep. The more people switch to other browsers the more those browsers’ vulnerabilities are going to be attacked. I wonder how long until IE is the safest browser again because no one attacks it because no one uses anymore it since it’s so unsafe.
Re: Re: Re:2 What if
Exactly. Blaming Microsoft for all the world’s Internet security problems is fallacious. If Opera was used by 90% of the computers there would be just as many, if not more exploits.
Re: Re: Re: What if
I’m sorry if you got the wrong impression…but I don’t deny or refuse to believe there ARE security holes in Non-IE browsers.
I just wanted you to back your statement.
However I DO believe that Mozilla fixes its holes way faster than IE *AND* that on average its holes are way smaller than IE which basically lets everyone run roughshod over the whole OS.
You will note that the hole I believe you are mentionning isn’t Mozilla-only AND that its been fixed already in Firefox.
Anyway…
ActiveX
Is any of this stuff done with ActiveX?