Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Internet Explorer Microsoft Security IT

Widespread Attacks Exploit Newly-Patched IE Bug 141

Posted by Soulskill from the of-fish-and-barrels dept.
itwbennett writes "The first widespread attack to leverage the Internet Explorer flaw that Microsoft patched in an emergency update Thursday morning has surfaced. By midday Thursday Symantec had spotted hundreds of Web sites that hosted the attack code. The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec. Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a US-based, free e-mail service that Symantec declined to name." Relatedly, reader N!NJA was among several to point out that Microsoft has apparently been aware of this flaw since September.
This discussion has been archived. No new comments can be posted.

Widespread Attacks Exploit Newly-Patched IE Bug More

Widespread Attacks Exploit Newly-Patched IE Bug

Comments Filter:

  • Re:Exactly how does it work. (Score:5, Informative)

    by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Saturday January 23, 2010 @11:31AM (#30869852) Homepage

    Once Windows is compromised (by a sophisticated worm, not something that places advertisements in IE), there is very little a user can do that the worm cannot prevent or bypass.

    The Windows settings assistant may nod and smile, and say the port is closed, while the worm is using it in the background. You might see that if you look at the router's logs, but inside Windows the worm can control what you see or do.

  • Re:threat? (Score:5, Informative)

    by 1s44c ( 552956 ) on Saturday January 23, 2010 @11:41AM (#30869906)

    I just laugh. I haven't had to reformat the drive even once since I obscured IE.

    If you use windows without IE you are still very much at risk from the many other windows holes. You will cracked sooner or later and you may not even notice.

  • Re:Time to bury Firefox (Score:2, Informative)

    by baka_toroi ( 1194359 ) on Saturday January 23, 2010 @03:02PM (#30871408) Journal
    Thanks for showing me fixed vulnerabilites!

  • Re:threat? (Score:5, Informative)

    by nmb3000 ( 741169 ) on Saturday January 23, 2010 @04:09PM (#30872040) Journal

    IE market share is below 40% [w3schools.com]

    Anyone who uses w3schools's browser stats as a reference for general browser usage needs to get knocked on the head a few times. That is a perfect example of biased results due to the nature of the sample.

    A better number is about 62% [wikipedia.org].

  • Re:kind of makes you wonder (Score:3, Informative)

    by bug ( 8519 ) on Saturday January 23, 2010 @04:21PM (#30872146)
    Security firm eEye used to keep a long list of Internet Explorer vulnerabilities that they had reported to Microsoft, but Microsoft hadn't developed patches for. eEye's list tracked how many months, or even years, Microsoft had known about the vulnerabilities without releasing a patch. A few years ago, under pressure from Microsoft, eEye agreed to take their list down. Microsoft happens to be a big customer of eEye's, and presumably is responsible for a lot of eEye's revenue. This has been fairly typical behavior for security firms that have signed lucrative contracts with Microsoft over the last few years, and one wonders how much of this type of thing is merely hush money.

Slashdot Top Deals

The last person that quit or was fired will be held responsible for everything that goes wrong -- until the next person quits or is fired.

Close