Internet Explorer under attack when not in use

By Derek Sooman on March 18, 2005, 1:59 PM
A nasty new piece of spyware can seemingly infect IE even when the browser isn't being used at the time, using Java. Therefore, even Windows users who have switched to Firefox, or some other alternative browser are not safe.

News of the attack first surfaced on a Web forum and was later investigated by Christopher Boyd of Vitalsecurity.org, a UK-based security news site. When users visit an infected site, they are asked to install a Java applet distributed by "Integrated Search Technologies".

If the user agrees, a .jar file is downloaded, which proceeds to download and install a number of adware applications, according to Boyd. Internet Explorer then automatically opens, displaying advertisements and embedded advertising tools. The attack works regardless of IE's security settings, Boyd said. The installed adware includes DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind and Avenue Media, he said.


Itís not all doom and gloom, though. The spyware only works with Sun's Java Runtime Environment, and there are warnings issued during infection. But this may not be enough to stop many users from becoming infected.

The installer works on Firefox, Mozilla, Netscape and Avant, but was blocked on NetCaptor and Opera, Boyd said. "Only two out of six had the good sense to steer clear of even asking the user if they wanted to install the applet," Boyd wrote on Vitalsecurity.org.




User Comments: 11

Got something to say? Post a comment
Soul Harvester said:
Yet another reason to try another OS !
Phantasm66 said:
This is seriously bad news.
Mictlantecuhtli said:
No matter how bad news it is, it takes much more than this to make users even think about other operating systems - if they even know such things exist. Most people just grin and bear it, with spyware removal tools or simply by reinstalling the whole OS. And of course everyone's confident that the next Windows will end all this...
Phantasm66 said:
If IE7 is a seperate product from IE6, then this isn't going to go away, because IE6 will still be on your system.They should surely patch soon, but what about all the people who will not patch their systems?
rsherrell said:
ALL operating systems are under attacks by criminals. This juvenile battle going around about which OS is most secure is ridiculous. Linux, Solaris, Apple, Unix and Microsoft are all vulnerable. Do you think the systems that get hacked and have millions of credit card numbers stolen are running XP Home Edition? We should quit pointing fingers at OS's and start nailing the hackers, the REAL criminals.If the attacks keep up then one day the Internet will become unusable. Will we then argue about which OS is best when running disconnected from the Internet?
Phantasm66 said:
Right now I am studying UNIX security, and believe me, there are plenty of problems there too. There is an abundance of Linux boxes out there that are not secure, and are frequently not patched as well.The difference here, though, is that is seems like it is becoming a liability just having IE on your machine at all. And that IS bad. It has nothing to do with which OS is best, its just BAD.
Nic said:
This isn't an I.E. flaw, but an attack on I.E. using JVM together with non-savvy users to run a program that compromises I.E. This type of attack could just as easily target other applications and isn't limited to browsers or I.E., though that is what the program was set up to attack. How is the user expected to know whether or not to trust the applet? If they click 'yes' and allow it to run, despite warnings from the JVM, then how is this a fault with I.E.? It is more a fault with the JVM for allowing access to the host OS, by an application downloaded from the web. This is something that isn't supposed to happen, though granted warnings are displayed. At least some browsers, such as Opera, will take action to block the attack, even if the JVM won't. Lets hope that Sun patches the JVM to stop this type of thing from happening.[Edited by Nic on 2005-03-20 19:53:24]
rsherrell said:
I must agree that the focus now should be on security and improvements to preventing weaknesses in applications and Os's.This weakness in JVM did surprise me as I felt that Sun does the best they can the majority of the time. But thanks to the people that caught this so it can be patched.I must admit that I.E. does attract more than its share of attempts to hack it. Bill did make a lot of people dislike him on his way to being the richest man on earth.But when people hack applications and OS's, they only harm other people, not Bill Gates. For all the problems in the Microsoft suite that have been exploited, Bill hasn't missed a paycheck.The attacks have only created a huge security industry and given gray hair to administrators around the world... :(
Nic said:
Firefox holier than Internet Explorer - report...[url]http://www.theinquirer.net/?article=22008[/url
[quote]MOZILLA-BASED BOWSERS have more holes than Internet Explorer, Symantec said in its seventh half-yearly Internet Security Threat Report, published yesterday. The report said Symantec had found 21 vulnerabilities in browsers such as Firefox, compaed with 13 in IE. A spokesman told the Aussie paper The Age that malicious attacks on Firefox were bound to increase as the brower becomes more popular. Apple’s browser, Safari, was hole-free during the six months to the end of 2004, the company reckoned. But OS X was leaky as a sieve, notching up 37 high-severity vulnerabilities during the period...[/quote]
Mictlantecuhtli said:
[b]Originally posted by rsherrell:[/b][quote]I must agree that the focus now should be on security and improvements to preventing weaknesses in applications and Os's.[/quote]Why not focus on educating users?
SN_2010 said:
Why would Sun patch JVM that was developed by Microsoft a decade ago? BTW: ActiveX components are not safer.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.