Posted on 12/01/2005 7:41:41 AM PST by ShadowAce
The release of a Trojan that exploits an unpatched IE hole has prompted speculation that Microsoft may release an emergency out-of-cycle security patch. The Delf-DH Trojan downloader uses an Internet Explorer vulnerability to infect unprotected Windows users who stray onto maliciously constructed websites. Delf-DH downloads other malware onto infected machines changing settings in order to monitor user activity and redirect surfers onto porn sites.
The attack relies on a flaw in the way IE handles requests to the window() object, highlighted by proof-of-concept code last week and now used in anger by VXers. Even fully patched Windows 2000 and Windows XP systems are vulnerable. Until a patch is available to address this vulnerability, US-CERT strongly encourages Windows users to disable Active Scripting.
Security experts at the SANS Institute Internet Storm Centre speculate that the attack, though not widespread, is serious enough for Microsoft to release an out of cycle patch rather than waiting for its scheduled monthly patching day, which this month falls on 13 December. Microsoft isn't commenting on when a patch might be available but the smart money is on Redmond following a June 2004 precedent and releasing an emergency security fix outside its regular Patch Tuesday updates. ®
How do you disable active scripting?
Porn at your own Risk!
Use Firefox
Use Mozilla Firefox.
YOU BEAT ME!!!
KAAAAAAAAAAAAHHHNNNNNNNNNNNNN!!!!!!!!!!!
;)
Agreed. IE sucks when compared to Firefox.
How to Disable Active Content in Internet Explorer:
http://support.microsoft.com/kb/q154036/
I'm not sure if I would do this, as it will affect your ability to use some sites. Also, if you decide to disable scripting, make a note of what you do so you can undo it after installing the patch.
bump
"... infect unprotected Windows users who stray onto maliciously constructed websites
Porn at your own Risk!"
Not just porn. Warez sites tend to be buggy, some newsgroups(age showing), and chat programs can be vectors for the malware.
Opera, Mozilla, Flock (beta), Firefox, and others may not be a bad idea till proprietary Internet Explorer hole (PIEHOLE) gets closed.
Top sends
"One needs to be careful when one calls the dragon!..."
This type of attack isn't very effective against most people who don't go to such sites. It could be extremely dangerous though, if someone incorporated it into a hack of a legitimate site. I'd asses the danger of this defect to be low risk, but MS should put out a patch promptly to protect their customers.
True, but it still affects those of us who don't go to those sites, by zombifying those who do. Those zombies then send out attacks/spam/etc to everyone else.
Good point. This is really the only reason I care about windows viruses/worms. If it couldn't affect me, I would just let folks suffer in ingnorance of alternatives. Well... maybe not, but I'd think about it.;-)
So--Have you checked your preferences for pop-ups in Firefox?
Tools-->Options-->Content and there is a checkbox for "Block pop-up windows" or something similar. Be sure that it is checked.
If it is checked, click on the "Allowed Sites" button ext to it, and see if you have any entries in there. If not, then my next step would be to run Spybot, Ad-aware, etc to clean up your system.
Let me know if that works or not. I'm interested to see what happens.
Pop Ups are blocked with no exceptions. I cleared Cookies and Cache while I was there...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.