Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Internet Explorer The Internet Security

Trojan Exploits Unpatched IE Flaw 177

onebuttonmouse writes "The Register reports on a trojan spotted in the wild that takes advantage of the so-far unpatched IE vulnerability mentioned on Slashdot earlier this week. From the article: 'The release of a Trojan that exploits an unpatched IE hole has prompted speculation that Microsoft may release an emergency out-of-cycle security patch. Delf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites. The attack relies on a flaw in the way IE handles requests to the window() object.'"
This discussion has been archived. No new comments can be posted.

Trojan Exploits Unpatched IE Flaw

Comments Filter:
  • by suso ( 153703 ) * on Thursday December 01, 2005 @09:28AM (#14156416) Journal
    The fix for this is here [mozilla.org]
    • Gah! Delf-DH just popped up and redirected me to a fox hentai site.
    • by SatanicPuppy ( 611928 ) <Satanicpuppy.gmail@com> on Thursday December 01, 2005 @09:43AM (#14156544) Journal
      ...and redirect surfers onto porn sites.

      Fix? It's not a bug, it's a feature. Maybe IE is improving!
    • The fix for this is here

      I know you are joking but I notice that if you live in the UK you cannot get hold of an en-GB version of Firefox 1.5.

      It seems a bit odd that Slovenia (population 2,011,070), Norway (population 4,593,041) and Finland (population 5,223,442) can all have 1.5 produced before us despite the fact that their population numbers combined are significantly less than the 60,441,457 for the UK.

      (It's not like we're a backwater either, we have the second highest [internetworldstats.com] number of internet users afte

      • I like en_GB as much as the next man; but I'd hazard a guess that en_GB is lower priority as we can get by perfectly well with en_US. Slovenia, Norway and Finland - probably not so much.
      • I know you are joking but I notice that if you live in the UK you cannot get hold of an en-GB version of Firefox 1.5.

        It's very rare that we get en_GB 'translations' for anything - I would be surprised if the translated Firefox has more than just a couple of words changed in it. I've been using the US version and had no problems whatsoever.

        If anything, having a British English interface feels really weird, and I kind of do a double-take when I see words like 'colour' spelt correctly on a computer - my iBook'
    • by MtViewGuy ( 197597 ) on Thursday December 01, 2005 @10:30AM (#14156974)
      That would be great if you didn't have to update all your themes and extensions and/or wait for updated themes and extensions just to support Firefox 1.5. You'd think everyone would be more timely on this.
    • by Crayon Kid ( 700279 ) on Thursday December 01, 2005 @10:42AM (#14157093)
      Unfortunately, Firefox 1.5 is also affected [mozillazine.org] by the bug. Granted, it only freezes up and has to be killed manually, so it's not as severe as remote code execution. Still...
      • I have tested it myself, and Firefox does not crash, it just takes a *long* time to render the page.

        This shows that the renderer needs to be threaded to allow for multiple renderings to take place at once.

        Or at the very least, the UI and renderer need to be on seperate threads.
    • ... and redirect surfers onto porn sites.
      For once, a reason to use Windows

      ... so when will they release a linux version? :-)

    • see here [com.com]. I'm tired of open source zealots who don't even understand that the software they used is not secure.
      • I'm tired of open source zealots who don't even understand that the software they used is not secure.

        Yes, I can totally see the resemblance. On one hand, Mozilla and Firefox with a patch already available for a two-week old problem, and on the other Explorer with no patch for a 6 month old problem. It's like looking into a mirror.
  • by Anonymous Coward
    Thank god I still use Mosaic. Hey, if it ain't broke...
  • Dupe... (Score:5, Funny)

    by NardofDoom ( 821951 ) on Thursday December 01, 2005 @09:30AM (#14156438)
    We heard about this same sort of thing hundreds of times. The editors really need to read the articles more carefully...
  • by GauteL ( 29207 ) on Thursday December 01, 2005 @09:31AM (#14156447)
    "elf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites."

    So it is basically automated pr0n! From now on, you won't have to use your left hand.
    • I'm on a Mac. Can I still get infected? I have no anti-virus, hoping that a virus like this would be released.

      I might switch back to Windows afterall.
    • Elf-porn is somewhat of a niche market, though.
      • by Anonymous Coward
        Elf-porn is somewhat of a niche market

        I'd certainly enjoy being stuck in a nice wooded niche with Liv Tyler, Cate Blanchett, and some hot grits. Heck, Orlando Bloom can tag along too as long as he understands I'm da man.
  • Flaw? (Score:5, Funny)

    by CaymanIslandCarpedie ( 868408 ) on Thursday December 01, 2005 @09:31AM (#14156451) Journal
    and redirect surfers onto porn sites

    Sounds more like a feature to me ;-)
    • Duh! I just downloaded Firefox 1.5 too! How do I set IE as my default browser again?
    • Re:Flaw? (Score:2, Insightful)

      by TCFOO ( 876339 )
      Sounds more like a feature to me ;-)

      Unless you don't want to see that stuff.

      Think about this. 10 year old little Jimmy is on Yahoolagins playing Go Fish, and Delf-DH desides to work its majic jest as his mother walks into the room. The poor kid is going to have a sore rear end because of some malware and an IE security flaw.
      • Well.. what is little billy doing running as an administrator? Oh his parents.. hrmm clearly they didn't know how to use a computer... sucks to be billy... but hey... irresponsible parents.. There should be a requirement to have a license to get on the internet.
    • What the article doesn't tell, is that sometimes, the virus redirects to goatse.

      GAHHHH!!!!

      Heheh. Just kidding.
  • ...or enable inactive surfing
  • by Dtyst ( 790737 ) on Thursday December 01, 2005 @09:33AM (#14156470)
    Average joe search for p0rn
    He fins a site with virus that gets installed on his computer.
    Virus finds the pr0n for him....
    Both win!
  • Wait a minute! (Score:2, Interesting)

    by ThatGeek ( 874983 )
    You mean that IE isn't 100% dedicated to perfect security?

    I don't see the point of these announcements. People who care about not getting hacked are using Firefox, Opera, Safari or Lynx at this point.

    People who still use IE... well... they probably won't do much in response to this warning anyway.

  • A trojan to redirect my browser to porn sites. I do that well enough without the assistance. *grin*
  • Very Scary! (Score:5, Funny)

    by roman_mir ( 125474 ) on Thursday December 01, 2005 @09:38AM (#14156513) Homepage Journal
    Apparently this wild trojan uses IE to direct a very specific type of attack against /., which results in dupe stories being posted!
  • by Vo0k ( 760020 ) on Thursday December 01, 2005 @09:42AM (#14156538) Journal
    "The Register reports on a [[register article|trojan spotted in the wild]] that takes advantage of the so-far unpatched IE [[|Slashdot story|vulnerability]] mentioned on Slashdot earlier this week."

    That should be done like this:

    "The Register [[register article|reports]] on a [[a page with the trojan|trojan spotted in the wild]] that takes advantage of the so-far unpatched IE [[How to exploit?|vulnerability]] [[Slashdot story|mentioned on Slashdot]] earlier this week."
    • > [[a page with the trojan|trojan spotted in the wild]]

      Click !

      Thousands of Slashdotters using IE (at work!) just did infect their computers (and the whole LAN at the same time).

      Tenths of thousands rambling because the trojan has been Slashdotted already !
  • by lithod02 ( 553131 ) on Thursday December 01, 2005 @09:43AM (#14156551)
    So, if I run IE under wine on linux I can get all the free pr0n delivered to my desktop. Nice. Click the big blue "E" for free e-pr0n
  • Oh, wait, we're not. Just fucking with you.
    Hopefully both IE slashdot users don't have mod points today.

    Now if only I can figure out how to enable popups, disable tabs, and make Safari look all multicolorful and jaggy I'd be one effective mofo.
  • Hole in IE?

    Exploited?

    Must be a slow news week.
  • One Care Live (Score:2, Informative)

    Maybe they're selling the fix through the new anti-virus software?
    • You know, if it were any other company than Microsoft, people wouldn't put up with such a thing. Microsoft selling anti-malware software would be like a car company forgetting to put brakes on their cars, and then charging for the fix! But a car company wouldn't be allowed to do that; they'd instead have to do a recall and fix the problem at their own expense. Why is Microsoft allowed to get away with it?!
  • Crapware (Score:2, Insightful)

    by PacketScan ( 797299 )
    Would this be the 6 month old exploit that MS didn't feel was important enough to take care of? Complete Crap..
  • by this great guy ( 922511 ) on Thursday December 01, 2005 @09:52AM (#14156626)

    ...of why we say that MS doesn't care enough about the security of its users. MS should be even more committed into improving the speed of development & QA of security patches. This particular zero-day vuln is known since at least one week, and MS still hasn't distributed a fix. Delaying the release of a fix to Patch Tuesday doesn't make any sense when the vuln details are already publicly known. They should at least release beta patches (if the QA process is not yet complete) for users who NEED security and can afford potential stability problems. Other users can wait for Patch Tuesday if they want.

    But one week is nothing compared to other vulns. Look at this list of other currently unpatched holes in MS products: http://www.eeye.com/html/research/upcoming/index.h tml [eeye.com]. Some of them has been reported months ago and are still unfixed. This is inadmissible for a multi-billion dollars company.

    • Ok, I really offended by the suggestion to release something that hasn't finished the QA process. There could be something dangerously broken with the mystical "patch" you speak of (which might or might not exist), but you want it out in the world anyway. If they did release something that caused more problems than it solved (has happened before) you'd be crying bloody murder at them for releasing something before it was ready.

      It isn't like they have a wall of potions and just mixing the right combination
    • This particular zero-day vuln is known since at least one week, and MS still hasn't distributed a fix.

      I'm willing to give them the option that their code suck so much that fixing this would take more than a week.
    • This is inadmissible for a multi-billion dollars company.
      No, this would be standard practice for a multi-billion dollars company. Left hand, meet...oh crap, where'd right hand go?
    • "This is inadmissible for a multi-billion dollars company."

      Strike that. This is inadmissible for a multi-billion dollar company who claims security is priority one.

  • could anyone point me to where I might pickup this gem of a virus? I'm a little bored and was hoping to "research" the auto-pr0n capabilities. Reinstalling IE now...
  • Anyone else find it ironic that the page has ads for Microsoft "secure" network tools and trojan blocking? There was one when I first vied the page. I did a reload and it showed a different one on the same theme.
  • by ZachPruckowski ( 918562 ) <zachary.pruckowski@gmail.com> on Thursday December 01, 2005 @10:00AM (#14156704)
    The Sky is blue!

    Bears still crap in the woods!

    Amazingly, the Pope is Catholic!
    • Well, the joke is that the Pope is a Baptist:

      Catholic: Who do you confess your sins to?
      Baptist: God. So, who do you confess your sins to?
      Catholic: A priest.
      Baptist: I heard about that, who does the priest confess his sins to?
      Catholic: A bishop.
      Baptist: Who does the bishop confess his sins to?
      Catholic: A cardinal.
      Baptist: Who does the cardinal confess his sins to?
      Catholic: The Pope.
      Baptist: Okay, who does the Pope confess his sins to?
      Catholic: God.
      Baptist: Oh, so the Pope is a Baptist!
  • I'm beginning to suspect that all these IE vulnerabilities are a marketing ploy. Let's face it, there's got to be 100 articles a week on IE vulnerabilities, keeping IE in front of everybody, while Firefox & Opera get so little coverage (except for maybe on /.). Of course if this is true, then it just goes to prove how genuinely stupid and useless marketing people really are...

  • Lets keep it fair! (Score:4, Interesting)

    by XMilkProject ( 935232 ) on Thursday December 01, 2005 @10:06AM (#14156752) Homepage
    Before everyone gets too worked up bashing IE, as in the previous few articles on this exploit, let's remember that this problem was freezing/crashing FireFox 1.5 also.
    Although the security threat isn't existent in FireFox, the browser still fails on these pages.

    Now before I get flamed, let it be known that I think IE is a disaster and it's lack of standards compliance is one of the main things holding back proper advancment in web technologies, but we don't want to go and be unfair when our browser crashes too!
    • by amrust ( 686727 )
      I agree, fair is fair. But /. has been pretty good about making a big deal over "flaws" in Firefox, lately. It wasn't too long ago that I recall reading here almost once a week about some "new security vulnerability" in Firefox.

      Of course, I'm bitter about IE this week anyway, after trying like crazy to get IE to work with Outlook Web Access, for my wife in her office at home. Ran every update Microsoft asked for, searched every Knowledge base article I could find. No help. How did I resolve it?

      I switched m
    • by ZachPruckowski ( 918562 ) <zachary.pruckowski@gmail.com> on Thursday December 01, 2005 @10:43AM (#14157098)
      Although the security threat isn't existent in FireFox, the browser still fails on these pages.

      "$RANDOM_WEBSITE crashes a browser" isn't worth a news article. It's worth a bug report, and a fix, either to the site or to the browser, but it isn't worth a news story. Major crashes and computers being remotely controlled, however, is a big deal.
      • "$NOT_SO_RANDOM_WEBSITE crashes a browser" IS noteworthy. If a browser accepts untrusted data, then is closed by the operating system for doing something un-program-like (in other words, crashing), then it reveals a programming flaw that might be exploited six months down the road.

        Browsers should never crash.
        • If a browser accepts untrusted data, then is closed by the operating system for doing something un-program-like (in other words, crashing), then it reveals a programming flaw that might be exploited six months down the road. Browsers should never crash.

          Ideally, they should be free of crashes, but we're on the topic of "Let's keep it fair!", and I'm saying the Firefox reaction isn't as big a deal as the IE reaction. I'm not saying it doesn't need to be dealt with. It clearly does. I'm saying it isn't u
          • The difference between crashing and surrendering your computer to remote control is in the data. I mean, this six-month unpatched IE vulnerability was low-priority because it "only crashed" IE. It wasn't until recently that someone figured out the right multi-thousand character string that changed it from "crashing" to "zombie".

            That being said, not all crashing is exploitable, but I distrust those who say they can tell which is and which isn't.
    • Actually it doesn't freeze/crash FF. It just takes 90 seconds to two minutes to render the 200k+ char string that is getting passed to the prompt() for this exploit to get started.
  • The exploit never worked for me anyway, so I don't think I have anything to worry about ;)
  • by certel ( 849946 )
    One could make updating IE a full time job. It's rather annoying that you have to worry about this type of thing while browsing the internet.
    • One could make updating IE a full time job.

      Oh, you mean just INSTALLING patches! At first read I thought you meant WRITING the patches.

      I suspect Microsoft already has a person assigned to writing IE patches. Maybe they're splurging and have two people assigned.
    • Well, of course! Why else do you think Microsoft has a MCSE program? Microsoft makes money coming and going -- first by saving money writing quick-and-dirty code that allows exploits to happen, then again by charging money for training people on how to clean them up! In fact, this tactic is working so well for them that they're expanding into selling anti-virus/malware software too. Isn't Bill Gates a genious, for figuring out how to create his own market?!
  • So, the vulnerability is 6 months old, and it never got fixed as a minor risk. It got escalated to a highly critical risk (by almost all security bulletin systems) over 1 week ago, when a proof of concept came out showing that a malicious site could cause take control of PC remotely. Now there is even malicious trojans out on the net exploiting this hole in IE.

    So in 1 week, what did MS do? The promoted their new Live product of course. Microsoft released a security advisory [microsoft.com] stating that no patch exis
    • MS is a company made up of lots and lots of divisions that all do their own thing. So the Live group was able to figure out the trojan and put in a simple script to delete the executable before the OS group could re-engineer a chunk of IE. Big deal, sounds pretty normal to me. I think you're trying to invent a conspiracy. It's not like all however many thousands of MS employees all work on all of the same things at the same time, which you seem to imply.
  • "redirect surfers onto porn sites."

    This doesn't sound like such a bad trojan afterall.
  • i really don't know of anyone still using IE besides the retards who run the technology in public areas that assume that anything besides microsoft's standard software setup is incompatible and compltely unusable.
  • by GISGEOLOGYGEEK ( 708023 ) on Friday December 02, 2005 @12:44AM (#14163833)
    Thanks slashdot, you've now reported this non-story 3 times.

    How about we start reporting every little problem with non-MS products 3 times each ... instead of maybe reporting every 5th problem.

    It's time for a little balance here!

Technology is dominated by those who manage what they do not understand.

Working...