Drive-By unpatched IE Attacks, Threat


davidh
March 28th, 2006, 10:26 PM
During the weekend of March 25-26, malware hunters discovered more than 200 unique URLs using the unpatched IE flaw to launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.

http://www.eweek.com/article2/0,1895,1943450,00.asp

Judy G. Russell
March 28th, 2006, 10:30 PM
During the weekend of March 25-26, malware hunters discovered more than 200 unique URLs using the unpatched IE flaw to launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.
Good heavens... I am sooooo glad I use Firefox.

davidh
March 28th, 2006, 10:32 PM
Updated: Microsoft confirms a wave of drive-by downloads targeting a zero-day browser vulnerability and says Internet Explorer users can expect a patch on April 11, if not sooner.


Malicious hackers are using hijacked Web servers and compromised sites to launch a wave of zero-day attacks against an unpatched flaw in Microsoft's Internet Explorer browser.

The first wave of drive-by downloads was spotted on March 25, and security experts tracking the attack say the threat is growing at a rate of 10 new malicious URLs every hour.

http://www.eweek.com/article2/0,1895,1942566,00.asp

Judy G. Russell
March 28th, 2006, 10:49 PM
Let's see here... the problem is growing at the rate of 10 new malicious URLs per hour, and Microsoft says we're on our own until probably April 11. Have I mentioned lately how glad I am that I use Firefox?

davidh
March 29th, 2006, 12:18 AM
Let's see here... the problem is growing at the rate of 10 new malicious URLs per hour, and Microsoft says we're on our own until probably April 11. Have I mentioned lately how glad I am that I use Firefox?
Don't worry. Somebody will figure out how to get around your defenses and produce a cheap spyware kit or root kit to attack the hole :)

David H.

Judy G. Russell
March 29th, 2006, 12:37 AM
Don't worry. Somebody will figure out how to get around your defenses and produce a cheap spyware kit or root kit to attack the hole :)
You're such a comfort, David...

ndebord
March 30th, 2006, 10:05 PM
You're such a comfort, David...

Judy

http://blogs.pcworld.com/staffblog/archives/001747.html

Third party patches for IE are a short-term kludge for MR BILL's latest mess.

Judy G. Russell
March 30th, 2006, 10:53 PM
Refusing to use IE is an even better solution.

Mike Landi
March 31st, 2006, 12:42 PM
Refusing to use IE is an even better solution.

IE is still in use? <g>

Judy G. Russell
March 31st, 2006, 02:49 PM
IE is still in use? <g>
By some foolish mortals...

Lindsey
March 31st, 2006, 10:59 PM
By some foolish mortals...
Hey, there are some web sites that require it, and that I am required to use. :(

--Lindsey

Judy G. Russell
April 1st, 2006, 12:35 PM
Hey, there are some web sites that require it, and that I am required to use. :(
:( indeed. I simply refuse to use websites that require IE, and, fortunately, none of the ones that require it are ones I have to use.

Jeff
April 1st, 2006, 01:57 PM
By some foolish mortals...

Hay, it works! Behind a router, a software firewall, and a daily updated AV...

- Yeff

Judy G. Russell
April 1st, 2006, 05:59 PM
Hay, it works! Behind a router, a software firewall, and a daily updated AV...
And if that's not enough, we'll put together a whole new OS you can get... after buying new hardware...

Lindsey
April 1st, 2006, 11:41 PM
:( indeed. I simply refuse to use websites that require IE, and, fortunately, none of the ones that require it are ones I have to use.
Actually, I can access the EpsonExpert site without IE. I only have to use IE if I actually want to download any of the information files that I came to the site to get. :rolleyes:

Some parts of the Federal Reserve web site are set up exclusively for IE as well.

--Lindsey

Judy G. Russell
April 2nd, 2006, 01:39 AM
Some parts of the Federal Reserve web site are set up exclusively for IE as well.
That's just plain wrong. It annoys me nooooooo end that the Government falls for this IE trap (crap?) all the time.

ktinkel
April 2nd, 2006, 11:17 AM
Some parts of the Federal Reserve web site are set up exclusively for IE as well.
That is excellent! Keep out all those Mac and Linux trouble-makers.

Obviously not worthy of full citizenship, either! :rolleyes:

Lindsey
April 2nd, 2006, 11:11 PM
That's just plain wrong. It annoys me nooooooo end that the Government falls for this IE trap (crap?) all the time.
What can I say? They want CONTROL, so they use ActiveX applications.

--Lindsey

Lindsey
April 2nd, 2006, 11:13 PM
That is excellent! Keep out all those Mac and Linux trouble-makers.
Yeah, not to mention all those Mozilla subversives...

--Lindsey

davidh
April 2nd, 2006, 11:50 PM
That is excellent! Keep out all those Mac and Linux trouble-makers.

Obviously not worthy of full citizenship, either! :rolleyes:
Maybe keep the Macintosh. Motherhood and apple pie, y'know.

David H.

Judy G. Russell
April 3rd, 2006, 01:08 AM
I know why they do it... but it's still stooooopid.

Lindsey
April 3rd, 2006, 01:13 AM
I know why they do it... but it's still stooooopid.
Annoying, at the very least. I don't know just what to think of the Federal Reserve's development department. They've only just in the last year implemented an ACH application that wasn't DOS dependent. They'd only been working on it for some 5 years. (I think the real problem was the many security holes in Windows. When you're moving tons of money around the country every day, you don't want a system that has security holes.)

--Lindsey

Judy G. Russell
April 3rd, 2006, 01:41 PM
You'd think that if security was the big issue, MSIE would be the last thing they'd want to code for or require of their users...

Lindsey
April 3rd, 2006, 05:45 PM
You'd think that if security was the big issue, MSIE would be the last thing they'd want to code for or require of their users...
You would, wouldn't you? But you should see the way they have layered security around their ACH operation. Physical tokens, multiple complex passwords, at least one of which requires frequent changes, special connection applet, access restricted by IP address -- it's enough to drive you batty.

--Lindsey

Judy G. Russell
April 3rd, 2006, 06:24 PM
you should see the way they have layered security around their ACH operation. Physical tokens, multiple complex passwords, at least one of which requires frequent changes, special connection applet, access restricted by IP address -- it's enough to drive you batty.
I do understand why they're doing that, but...

Lindsey
April 3rd, 2006, 11:48 PM
I do understand why they're doing that, but...
They even had the progress chart set up so that the password had to be changed monthly. (This was an area where you went during the implementation period to check off the various steps you had completed, complete surveys, etc. If you didn't check off the steps by the deadline the Fed had set for you, you got automated delinquency e-mails from them.) In the course of the implementation and testing, I had to change my password three times. I thought that was just a bit over the top. I mean, geez, this was nothing to do with moving money around, it was just marking checkboxes on the calendar.

--Lindsey

Judy G. Russell
April 4th, 2006, 01:58 AM
I mean, geez, this was nothing to do with moving money around, it was just marking checkboxes on the calendar.
That is just a bit over the top, yes.

sidney
April 4th, 2006, 11:50 PM
They even had the progress chart set up so that the password had to be changed monthly

I can imagine the highly secure passwords that resulted, meeting all the security criteria of minimum length 8 characters, mixed upper and lower case alphabetic, at least one digit, at least one special character, changed monthly, no previously used password may be reused... Nobody would ever guess something that secure:

$Jan_2006 $Feb_2006 $Mar_2006 $Apr_2006 ....


-- sidney
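
The point of the post above, as an added example that is not part of the original thread: the listed complexity criteria accept `$Feb_2006`, while a check run at change time can see that it is only a rotation of `$Jan_2006`. It assumes the old password is available because the user supplies it when changing it (no plaintext history is kept); the function names are hypothetical.

```python
import re

MONTHS = ("january february march april may june july august "
          "september october november december").split()
# Full names first so "march" is consumed before the abbreviation "mar".
MONTH_RE = re.compile("|".join(MONTHS + [m[:3] for m in MONTHS]))


def meets_complexity(pw: str) -> bool:
    """Criteria from the post: length >= 8, mixed case, a digit, a special."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def skeleton(pw: str) -> str:
    """Collapse the parts people rotate: month names and runs of digits."""
    s = MONTH_RE.sub("<month>", pw.lower())
    return re.sub(r"\d+", "<n>", s)


def is_rotation(old: str, new: str) -> bool:
    """True when new differs from old only in a month name or a number."""
    return skeleton(old) == skeleton(new)


def accept_change(old: str, new: str) -> bool:
    """Heuristic gate at password-change time (an assumption, not a standard)."""
    return meets_complexity(new) and new != old and not is_rotation(old, new)


if __name__ == "__main__":
    # Constructed inputs: the sequence from the post, then an unrelated phrase.
    for old, new in [("$Jan_2006", "$Feb_2006"),
                     ("$Jan_2006", "correct-Horse-7-battery")]:
        print(new, "complexity:", meets_complexity(new),
              "accepted:", accept_change(old, new))
```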

Lindsey
April 5th, 2006, 11:56 PM
$Jan_2006 $Feb_2006 $Mar_2006 $Apr_2006 ....
LOL!! I'm sure you are right about that. I periodically caution our own users against things like that, try to give them tips about constructing good passwords that are fairly easy to remember, but I know from what I see on the "failed login" report that I get every day, a lot of them pay absolutely no attention. (I know that, because hardly a day goes by without someone mistakenly keying his/her password into the UserID field, which is printed on the report, even though passwords are not, so I have a pretty good idea what sorts of passwords they're using. <sigh>)

--Lindsey

sidney
April 6th, 2006, 03:34 AM
I know from what I see on the "failed login" report

Does access to the failed login reports require sysadmin level security clearance? Is your level of access supposed to allow you into everyone's accounts or is that just a side effect of "We don't show passwords in failed login attempts so it isn't sensitive information"?

-- sidney

Lindsey
April 6th, 2006, 05:49 PM
Does access to the failed login reports require sysadmin level security clearance?
Basically, yes. I get those reports because I'm responsible for monitoring security on our main computer.

Is your level of access supposed to allow you into everyone's accounts or is that just a side effect of "We don't show passwords in failed login attempts so it isn't sensitive information"?
The latter; and that's one reason I shred the reports when I'm through with them.

The only way I'd have access to someone else's account would be to change its password, and that activity would be reported on another security report. Since I'm not the only one who sees those (they're under dual control like any other sensitive thing), somebody would likely notice...

--Lindsey
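
The failed-login report discussed above prints whatever was typed into the UserID field, so a password keyed there by mistake ends up on paper. An added example, not part of the original thread, of a report that prints the field only when it matches a known account and otherwise prints a keyed tag, so repeated unknown values can still be correlated. The account list, key, terminal names and events are constructed, and case-insensitive user IDs are an assumption.

```python
import hashlib
import hmac

KNOWN_USERS = {"jsmith", "mlopez", "teller04"}  # constructed account list
REPORT_KEY = b"constructed-demo-key"  # assumption: a secret kept off the report


def report_field(submitted: str) -> str:
    """Value to print in the UserID column of the failed-login report."""
    uid = submitted.lower()
    if uid in KNOWN_USERS:
        return uid
    # Unknown value: it may be a mistyped password, so never print it.
    # A truncated keyed hash lets the reviewer see that the same unknown
    # string came back, without being able to read or guess it offline.
    tag = hmac.new(REPORT_KEY, submitted.encode(), hashlib.sha256).hexdigest()
    return f"<unknown:{tag[:8]}>"


def build_report(events):
    """events: iterable of (timestamp, source, submitted_userid)."""
    return [f"{ts}  {src:<10}  {report_field(uid)}" for ts, src, uid in events]


SAMPLE_EVENTS = [  # constructed failed-login events
    ("2006-04-05 08:01", "TERM-014", "jsmith"),
    ("2006-04-05 08:02", "TERM-014", "$Apr_2006"),
    ("2006-04-05 09:40", "TERM-022", "MLOPEZ"),
    ("2006-04-05 09:41", "TERM-031", "$Apr_2006"),
]

if __name__ == "__main__":
    for line in build_report(SAMPLE_EVENTS):
        print(line)
```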