IE Vulnerability Exposing Banking Logins, Spreading Rapidly

jfruh writes "A vulnerability in Internet Explorer 9 and 10 that allows attackers to target banking login info, first reported on February 13, is being exploited in the wild, and attacks are spreading rapidly. Sites compromised by the malware run the gamut from U.S. Veterans of Foreign Wars site, to a site frequented by French military contractors, to a Japanese dating site. Microsoft has released a 'fix-it tool' but not a regular patch."

Re:Is IE Really to Blame?

[quickOnTheUptake]

The compromised site is being used to host/inject the exploit.The vulnerability that is being exploited is in IE 9 &10, and allows code execution. It is being used to get the credentials for other--non-compromised--websites.

Re:Is IE Really to Blame?

[crunchy_one]

Any compromised website can take over the browser. So a malware ad hosted on Youtube or ./ can infect the browser, and the attacker can then snoop on future activity – e.g. on banking sites.

And this is exactly why I always run an ad blocker.

Given the current mess that is web advertising, it would be foolish to do otherwise.

Re:Is IE Really to Blame?

[140Mandak262Jamuna]

Microsoft [microsoft.com] says "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated".

Clearly the wild pointer read error is in IE not in the server. They need to hack the server to post the exploit code in their server. But they could also create the same vulnerability in a site owned by them. No need to hack. But it is more difficult to lure visitors to the newly created malware site. That is why they need to hack a well visited site to upload the hack. But all visitors to that site using Chrome and Firefox and other versions of IE are not affected. Fault lies solely on these versions of IE