More IE Flaws!

Per Hansson · Jun 30, 2004

Originally posted by acidosmosis
And I suggest you read what I said and quit making assumptions and turning my posts around into meaning something totally different.

Who cares what IE is affected by, other than the general public. If your so afraid and get hit by exploits so much then you need to rethink your level of expertise. Period.

Originally posted on ISC Daily diary 2004-06-25
A large number of web sites, some of them quite popular, were compromised earlier this week to distribute malicious code. The attacker uploaded a small file with javascript to infected web sites, and altered the web server configuration to append the script to all files served by the web server. The Storm Center and others are still investigating the method used to compromise the servers. Several server administrators reported that they were fully patched.

If a user visited an infected site, the javascript delivered by the site would instruct the user's browser to download an executable from a Russian web site and install it. Different executables were observed. These trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system.

The javascript uses a so far unpatched vulnerability in MSIE to download and execute the code. No warning will be displayed. The user does not have to click on any links. Just visiting an infected site will trigger the exploit.

Originally posted by acidosmosis
Who cares what IE is affected by, other than the general public. If your so afraid and get hit by exploits so much then you need to rethink your level of expertise. Period.

Let me ask you one thing Acid, do you know the sites you visit so well that you can be 100% certain that they have not been hacked into without the siteadmin knowing it?

The Internet Storm Center mentioned in one of their news diaries that major sites had been targeted.. Including banks. The only thing you would need to do is visit these hacked sites frontpage and you would be infected. No error message would be delivered by explorer or your computer and the site you visit would look exactly the same it did before the attack.

Furthermore antivirus definitions where not available for these problems until several days after the initial attack, and as we all know the people creating these viruses/trojans only need to slightly change them so they are not detected by the latest AV definitions...

Originally posted by acidosmosis
Eh, Nick.. only an ***** would disable JS. Then your browser isn't worth much more than this crap they call Firefox for example.

Maybe you should quit making these assumptions? Firefox handles JavaScript very fine thank you. Plus it does it without the added benefit of allowing sites to install backdoor to your computer without any information.

Originally posted by acidosmosis
And yes obviously I know what a firewall does, but the fact remains (and yes it is a fact) that a firewall and common sense is all you need to be completely fine. I've survived on the web for about 10 years with hardly any problems. And up until about 2 weeks ago, that was without a firewall, without turning anything off in IE, or doing any of these things the so called "experts" recommend.

Yet again I want you to realize that a firewall would do nothing to stop this sort of attack we see here, since the file is downloaded from the server you request data from.

Originally posted by acidosmosis
I'll try not to bring up the point that other browsers lack so much that IE doesn't and how a simple firewall fixes this issue with (being attacked) and allows us to use a functional browser which has everything I need in one browser that all other browsers never can do correctly or just don't do at all. Not counting how ugly they all are (myIE2 looks alright though).

Internet Explorer does not offer _any_ additional functionality compared to Opera or Firefox, the _only_ thing it offers is compability with sites that do not follow the W3C standard.

Yet again, a firewall would _not_ stop this kind of attack we saw here from happening where a large number of websites where hacked into and got some javascript code appended dynamically to every html file the server serves to endusers.

---agissi--- · Jun 30, 2004

Not too sure where all the post's went (including mine) but I'll say it again, just stick away from the sites with this stuff to mess you up, be cool like me, and you dont need to worry about all the reported flaws.

Nic · Jun 30, 2004

Originally posted by ---agissi---
Not too sure where all the post's went (including mine) but I'll say it again, just stick away from the sites with this stuff to mess you up, be cool like me, and you dont need to worry about all the reported flaws.

And exactly how do you tell which sites are/aren't infected? :blackeye:

Maybe you are psychic, unlike the rest of us here, no?

Seems to me that everything posted here went completely over your head. :rolleyes:

young&wild · Jun 30, 2004

Originally posted by ---agissi---
Not too sure where all the post's went (including mine) but I'll say it again, just stick away from the sites with this stuff to mess you up, be cool like me, and you dont need to worry about all the reported flaws.

Dude, i m just curious how do you know if a website is safe or not? We are talking about Java script here not like your ordinary virus attack that doesn't use Java script.

I suggest you please READ Per's last post a few times thoroughly before posting ANY new comments.

Rick · Jun 30, 2004

I understand sticking with an argument.. That's what makes discussion fun.

But there's a point where you have to throw in the towel. This point occurs when your argument is contested by fact.

FACT: This exploit only affects IE users. Javascript can be run on most browsers. But this is an exploit which only takes advantage of IE's security flaws only. So other browsers are not susceptible (for the time being)

FACT: A firewall does not stop javascript. That's up to you. However, a future security patch, disabling java script or an antivirus able to detect the exploit may prevent infection.

FACT: You do not know all of the sites that are infected. The websites are bugged unknowingly by a hacker. Not even the web admin may know about the problem (otherwise it would probably be fixed...). So us individuals DEFINTELY don't know if a site has been compromised or not. Don't assume you do.

Godataloss · Jun 30, 2004

So I can use firefox to pay my credit card later? I'm likeing it more and more.
I can almost see agissi's and acid's points(if you totally disregard the fact that you have no way of knowin which sites are infected), but using IE is becoming akin to using day-glo skins in a deathmatch- why make yourself more of a target? There is daring and then there is stoopid...

Nic · Jun 30, 2004

US Government warns against Internet Explorer

THE US GOVERNMENT has sent out a warning out to internet users through its Computer Emergency Readiness Team (US-CERT), pleading users to stop using Microsoft's Internet Explorer.

Following a malware attack last week which targeted a known flaw in IE, like so many other attacks, the US-CERT recommended using alternative browsers thanks to their increased security. Microsoft is hurriedly trying to increase IE's security with the Windows XP Service Pack 2, but it's not fast enough for many.

In a vulnerability note released by US-CERT, it says "there are a number of significant vulnerabilities in technologies relating to the IE domain" and that "it is possible to reduce exposure to these vulnerabilities by using a different web browser." Well, they're right. The latest "extremely critical" IE bug has still not been patched by Microsoft. µ

Internet Exploder will harm your machine

---agissi--- · Jun 30, 2004

Lay it down Rick!

And to the point of how I know what sites are infected or not - It comes naturally, hence im clean to date

Nic · Jun 30, 2004

Uranus

---agissi--- · Jun 30, 2004

Yeah maybe its the home land

Rick · Jul 1, 2004

Originally posted by ---agissi---
And to the point of how I know what sites are infected or not - It comes naturally, hence im clean to date

TechSpot

Welcome to TechSpot

More IE Flaws!

Per Hansson TS Server Guru Posts: 1,796 +66

---agissi--- TechSpot Paladin Posts: 2,369 +9

Nic TechSpot Paladin Posts: 1,926

young&wild TechSpot Chancellor Posts: 1,268

Rick TechSpot Staff Posts: 6,255 +38

Godataloss Newcomer, in training Posts: 501

Nic TechSpot Paladin Posts: 1,926

---agissi--- TechSpot Paladin Posts: 2,369 +9

Nic TechSpot Paladin Posts: 1,926

---agissi--- TechSpot Paladin Posts: 2,369 +9

Rick TechSpot Staff Posts: 6,255 +38

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.