Free Site License To Online Office Suite For Indiana Residents
Supernova Summary Day 1: Distributed Concepts Expand Beyond Technology

Don't Visit Websites With Microsoft IE

Scams

from the as-if-you-didn't-know-this-was-coming... dept

Thu, Jun 24th 2004 11:19pmMike Masnick
It really is getting ridiculously dangerous these days for anyone to keep using Microsoft IE. People always talk about the day when scammers will start to use "zero day exploits" to smash through security holes before they're patched, and that's clearly already happening. The latest move, which is fairly advanced (and many assume is being done by organized crime groups in Eastern Europe) is to hack into a variety of popular company websites and install some code to exploit a known IE vulnerability that has not been patched by Microsoft. Once this is done, any IE user visiting any of these websites (which they obviously would assume to be safe based on the companies involved) ends up with some of the most insidious keylogging spyware. The article won't list the companies, but from the descriptions they sound like sites anyone might visit on a regular basis (banks, auction sites and comparison shopping engines). This sounds quite similar to the Interland hack from last year, but could impact many more users.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

9 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Justin, 25 Jun 2004 @ 7:02am

    surfers are safe

    According to the original source at Internet Storm Center, there are 2 different infections going on. M$ IIS servers are vulnerable to an exploit that is undetectable by current virus scanners. However, visitors to infected servers are safe, because a separate method of infection is used there: a common JavaScript exploit, and a common trojan horse is downloaded. The trojan horse IS detected by current virus scanners, it's a "known" trojan horse.

    Don't get me wrong, I do use and prefer Firefox. There's just been a lot of misunderstanding about this current development, and only because CNET, Slashdot, Techdirt, aren't reading the Internet Storm Center article carefully.

    link to this | view in thread ]

  2. identicon
    dorpus, 25 Jun 2004 @ 8:12am

    What if

    There are even more insidious bugs for non-IE browsers, and no one realized it? Maybe such users start getting mysterious bills from collection agencies, their kids disappear, ....

    link to this | view in thread ]

  3. icon
    Mike (profile), 25 Jun 2004 @ 8:36am

    Re: surfers are safe

    The note about AV software blocking this was added later after they were updated... It wasn't an issue of not reading it carefully, but reading it too early.

    link to this | view in thread ]

  4. identicon
    thecaptain, 25 Jun 2004 @ 11:57am

    Re: What if

    Well I for one would LOVE to see you back that up...I mean it pays to stay well informed.

    So you got any concrete info to these insidious bugs that we can look up?

    link to this | view in thread ]

  5. identicon
    dorpus, 25 Jun 2004 @ 12:28pm

    Re: What if

    I would say you just demonstrated the biggest security flaw of non-IE browsers: its users chauvinistically refuse to believe there can be any security holes.

    But e.g.

    http://www.squarefree.com/burningedge/

    talks about a "firefox security hole", dated June 15th. If these other browsers are so bulletproof, how come they keep coming out with new versions?

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 25 Jun 2004 @ 4:59pm

    Re: What if

    Yep. The more people switch to other browsers the more those browsers' vulnerabilities are going to be attacked. I wonder how long until IE is the safest browser again because no one attacks it because no one uses anymore it since it's so unsafe.

    link to this | view in thread ]

  7. identicon
    Adam, 25 Jun 2004 @ 5:11pm

    Re: What if

    Exactly. Blaming Microsoft for all the world's Internet security problems is fallacious. If Opera was used by 90% of the computers there would be just as many, if not more exploits.

    link to this | view in thread ]

  8. identicon
    thecaptain, 25 Jun 2004 @ 7:28pm

    Re: What if

    I'm sorry if you got the wrong impression...but I don't deny or refuse to believe there ARE security holes in Non-IE browsers.

    I just wanted you to back your statement.

    However I DO believe that Mozilla fixes its holes way faster than IE *AND* that on average its holes are way smaller than IE which basically lets everyone run roughshod over the whole OS.

    You will note that the hole I believe you are mentionning isn't Mozilla-only AND that its been fixed already in Firefox.

    Anyway...

    link to this | view in thread ]

  9. identicon
    Galley, 26 Jun 2004 @ 7:25am

    ActiveX

    Is any of this stuff done with ActiveX?

    link to this | view in thread ]


Free Site License To Online Office Suite For Indiana Residents
Supernova Summary Day 1: Distributed Concepts Expand Beyond Technology
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.