Update on Internet Explorer Exploit in the wild



If you use Internet Explorer to browse the web, I’d suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft’s infinite wisdom that “Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”…. the reality is that legitimate sites have been hacked and the malicious code has been added. (Over 200 legit sites…)


Good details on this come from The security fix. The available options seem to be 1) disable active scripting (some sites may not work after this unless you add them to trusted sites…) 2) download IE7 beta2 preview (unstable beta browser?) 3) USE ANOTHER BROWSER. I would highly recommend option 3 and/or option 1, in that order…. The most popular rendition of this exploit seems to be dropping software that’s collecting private information.

Hopefully there will be an out of cycle patch for this, but from Microsoft’s official releases, it doesn’t seem they see it as a big problem “an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”

If you’re interested in more details in what’s getting collected… Sans has a page analyzing some of what’s being snatched.

Be cautious….

Related Posts

Blog Traffic Exchange Related Posts
  • Nugache the latest in bot-net technology... and why you should care about botnets... To show you where the threat with bot networks is going there's a story today on Nugache (Symantec summary) which is a bot that takes advantage of a number of clever tricks to avoid having the whole bot net shut down, allow command and control on an encrypted channel and......
  • Disinfecting a PC… part 4 So, AVG has been scanning away finding things we've really got a foothold on the system and the malware has a fight on it's hands. It's good to see progress. Up to this point we've had multiple Spool32 errors (printer related). These errors are what prompted the system to be......
  • MSN Virtual Earth neat tricks I've spent some time covering some of the neat implementations of Google Maps and Google Earth, I've just come across a site that has similar uses for Microsoft's MSN Virtual Earth. The site is called viavirtualearth.com and not only links to examples of neat things people have done using Virtual......
Blog Traffic Exchange Related Websites
  • Should You Use Free Blogging Sites? There are certainly many blogging sites online today. It has become the biggest trend in communications for business and for personal reasons. A blog is a wonderful business tool that allows you to build a presence online as an expert in your field and develop a following of loyal readers.......
  • SEO To Drive Much More Visitors Into A Web Site Does your webpage appear somewhere on a search engine that nobody would see? Is your revenue coming from that webpage? Have you been spamming a great deal just to obtain visitors on your webpage? If you've been experiencing these, then get yourself some search engine optimization. This strategy will help......
  • Understanding The Various Layers Of Web Development To realise web development fully, you first must understand what goes in to this process layer by layer. Here's what you have to know about it. One of the most important layers of web development is content. This is the main thing that pulls people to your site and this......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site