New IE Malware Captures Passwords Ahead Of SSL 986
Ken Treis writes "SANS Internet Storm Center is reporting on a new strain of IE Malware. This one targets bank customers, which in itself is nothing new. But the catch is in the way it does it: it installs a Browser Help Object (BHO) that can capture login information before it is encrypted, and 'watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.'."
Coming events (Score:5, Funny)
Wow.... (Score:1, Funny)
Re:Coming events (Score:5, Funny)
And this... (Score:5, Funny)
HA! (Score:5, Funny)
I love IE (Score:4, Funny)
Because... (Score:5, Funny)
New Genre (Score:4, Funny)
You know you really have something going for you when a single application in your product line helps defines it own genre of exploits:
Re:Coming events (Score:5, Funny)
Open Source compressor used: (Score:5, Funny)
It is actually a 27648 byte Win32 executable that has been compressed using the Open Source executable compressor UPX.
Cue the FUD saying "look I told you Open Source was inherently less secure!"
Re:I'm suprised (Score:5, Funny)
Because there are no files to check, just packets?
Re:Can someone explain... (Score:2, Funny)
Or if there is currently little or no inheritance... have her use IE in the hopes that some how her bank account will get extra funds due to the exploit thus creating or increasing your possible inheritance.
"New IE Malware" (Score:5, Funny)
Man, I'm so sick of this... (Score:5, Funny)
My Related Prayer (Score:2, Funny)
God, it's me, Anonymous Coward, I beg you, have the l33t hax0rs of the world unite to develop exploits and hacks against Linux and Firefox so that open source zealots can no longer scream about how secure their software is. Any competent person or deity (ie you) knows that there are potential exploits in both, but most have not been found because most do not look as hard as is done with Windows.
If you do this for me... I promise to sell my soul to your minions in Redmond and banish any Linux or Open Source related product from my home from now until eternity.
Amen
Re:Because... (Score:5, Funny)
Don't I have to use Internet Explorer to connect to the internet?
Whoa! Hold right up there, coyboy! You're telling me there's a difference?
(Sure it's not necessary but...just in case..."proud Firefox user since 0.6!")
Re:Because... (Score:3, Funny)
Now Im confused.
Sad... because its true (Score:5, Funny)
[joke]
"This is your computer.. this is your computer on Internet Explorer"
-or-
"Friends don't let Friends use Internet Explorer"
-or-
"Just say No to Internet Explorer"
[/joke]
Seriously, there needs to be a TV campaign or even public service banners on high traffic sites like google or CNN.
A good thing this only affects IE users... (Score:4, Funny)
Re:Coming events (Score:2, Funny)
Re:Can someone explain... (Score:4, Funny)
b) Hide the IE shortcuts
c) Change the IE homepage to say, in big letters, "YOU'RE NOT SUPPOSED TO BE USING THIS NOW GET OUT AND START FIREFOX"
d) If you have Zonealarm on her computer, set it so IE has no Internet access
e) Use IE's Content Advisor to block all Web sites
f) I could go on and on
Re:Coming events (Score:5, Funny)
Re:Open Source compressor used: (Score:1, Funny)
UPX is written in portable endian-neutral C++
<MS shill>
...thus indicating the importance of switching to .Net and disassociating yourself from the terrorist-supporting C++ language.
</MS shill>
Re:Man, I'm so sick of this... (Score:2, Funny)
Re:Why is a gif file getting run as an EXE?!? (Score:1, Funny)
Does another exploit change the .gif name to .exe or attempt to unzip the .gif file? If not, why does IE allow .gif's to be installed?!
Clearly this is a programming error. IE only allows destructive executables to be installed without permission, rather than harmless image files. Rest assured that the programmers who let this "feature" slip through will be dealt with.
Re:So.. (Score:3, Funny)
That question inhibits Firefox's widespread adoption.
Re:In other news... (Score:1, Funny)
Gates says MS is getting faster fixing security holes.
I have verified this. Microsoft technical support now tells me to reboot my machine instantly, rather than asking what the problem is first.
Re:Coming events (Score:3, Funny)
Re:Because... (Score:2, Funny)
Not only that, I suspect from the huge amount of pop-ups that she gets, that she has some major spyware, etc on her computer.
I told her she should probably fix that and install a new browser/pop-up blocker. Her response:
"When can you do that for me?"...
Re:So.. (Score:3, Funny)
Doesn't effect me... (Score:2, Funny)
Re:Coming events (Score:3, Funny)
Re:Coming events (Score:5, Funny)
Gee im glad im continously overdrawn and therefore have no money whatsover in my bank account...
the last time i asked for money at the bank they knocked me back.
"Fine!" I said, im taking my minus 1500 elsewhere...."
Re:Coming events (Score:5, Funny)
If I actually did, I think I would puke...
Re:Coming events (Score:5, Funny)
Since Mozilla just hit 1.7, this webpage must have fallen backwards in time through a freak wormhole.
If you look in the comments, it also mentions something about IE developers being "the first up against the wall when the revolution came."
Problem solved! (Score:2, Funny)
var userAgent = navigator.userAgent;
var MSIEIndex = userAgent.indexOf("MSIE");
if (userAgent.indexOf("Win") != -1 &&
userAgent.indexOf("MSIE") != -1 &&
userAgent.substring((MSIEIndex + 5),(MSIEIndex + 8)) >= 5.5)
window.location.replace("IE_BAD.htm");
and let those still using IE suffer.
My apologies (Score:5, Funny)
I really must stop watching Comedy Central.
Re:Coming events (Score:2, Funny)
You just wait, mister, until enough people start using Lynx. Then they'll start coding malware for Lynx. Just think! Pop-ups, Homepage changing... You might even get browser-hijacked to porn sights!
Mmm... ASCII porn...
Re:Because it isn't so clear cut (Score:3, Funny)
California is one weird place!
GTRacer
- Needs a new fence
Re:Coming events (Score:5, Funny)
it's the only way to fly
Re:Complain, Complain, Complain!!! (Score:3, Funny)
I do not think it means what you think it means. OpenBSD has a negligible security record. Apache has a negligible security record. IE's security record is about as gligible as it can get without torch-bearing masses tearing down Microsoft's doors in search of the Developers! Developers! Developers!
Re:Coming events (Score:5, Funny)
Re:Coming events (Score:5, Funny)
Re:Coming events (Score:4, Funny)
I read about the exploit here on Slashdot a few days ago, so obviously it's reliable. It doesn't use Javascript so disabling that won't help. IIRC, the code that causes it is something along the lines of: There is no known fix for this exploit! (Other than removing Windows from your system.)
Re:Quit the handwringing and DO SOMETHING! (Score:1, Funny)
i can handle it in a few minutes