IE Vulnerability Exposing Banking Logins, Spreading Rapidly 93
jfruh writes "A vulnerability in Internet Explorer 9 and 10 that allows attackers to target banking login info, first reported on February 13, is being exploited in the wild, and attacks are spreading rapidly. Sites compromised by the malware run the gamut from U.S. Veterans of Foreign Wars site, to a site frequented by French military contractors, to a Japanese dating site. Microsoft has released a 'fix-it tool' but not a regular patch."
Re:Is IE Really to Blame? (Score:5, Informative)
Re:Is IE Really to Blame? (Score:3, Informative)
Any compromised website can take over the browser. So a malware ad hosted on Youtube or ./ can infect the browser, and the attacker can then snoop on future activity – e.g. on banking sites.
And this is exactly why I always run an ad blocker.
Given the current mess that is web advertising, it would be foolish to do otherwise.
Re:Is IE Really to Blame? (Score:5, Informative)
Clearly the wild pointer read error is in IE not in the server. They need to hack the server to post the exploit code in their server. But they could also create the same vulnerability in a site owned by them. No need to hack. But it is more difficult to lure visitors to the newly created malware site. That is why they need to hack a well visited site to upload the hack. But all visitors to that site using Chrome and Firefox and other versions of IE are not affected. Fault lies solely on these versions of IE