Posted on 03/11/2005 10:56:57 AM PST by ShadowAce
Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place.
Christopher Boyd, a security researchers at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows them to whack most browsers out there, including Firefox, Mozilla, Netscape and others. In the original test, only Opera and Netcaptor didn't fall for the install but Daniel Veditz, who is the head of Mozilla security, has since confirmed to me that this will also work in Opera and Netcaptor," he explained.
In the example Boyd highlights surfers looking for Neil Diamond lyrics (of all things) are served with a variety of adware and spyware packages including Internet Optimizer, sais (180 Solutions) and Avenue Media. Thereafter, if victims allow the packages to install, victims will be bombarded with pop-up ads and their computer will be reduced to a crawl. The malware doesn't install automatically but managed web security firm ScanSafe reckons the pop-up dialogue it generates is obscure enough to fool most home users.
ScanSafe reports an increase in spyware of 15 per cent over the last three months of 2004 compared to the previous quarter. Adware accounted for three of the top 10 most prolific threats recorded by ScanSafe over Q4 2004. Spyware authors have thus far restricted themselves to targeting vulnerabilities in IE but ScanSafe reckons it’s only a matter of time before they turn their attention towards alternative browsers.
John Edwards, CTO of ScanSafe, said that some users migrated away from IE to alternative browsers such as Firefox after various security scares last year. He cited figures from Secunia that Firefox and IE were both subject to five advisories in the first two months of this year to support his argument that Firefox was not "bullet-proof".
"Just switching away from IE does not give adequate projection. Now that Firefox and other alternative browsers have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any complex browser," he said. ®
Any lyrics are hazardous, my wife was searching for lyrics the other week and next thing I know, her laptop was infected. Spent about two hours cleaning up that one.
So blaming Java for a user who chooses to install something seems a bit silly, to me.
Don't know, but if you want to look at many of the neat weather maps, you need to have Java on....
Oh, the horrors!
Do I really need the /sarcasm tag?
All of you preaching the wonders of Firefox now have egg all over your faces!
Poetic Justice, I say!
Sometimes the popup asks you whether or not you want to install the software. If you answer "No", it downloads anyway. If you get one of those popups, best thing to do is to go into the Task Manager and cancel all instances of IE.
Well, there's a voice from the past - haven't seen much of you lately ;)
more news.
My thoughts exactly. The main problem is the writers of this crap. The minor problem (but far more pervasive) is IE.
Been crazy busy. Got a new job, I'm the boss now, dang it.
I still lurk a lot, I have very little time to post these days.
IE is so tightly integrated into Windoze it's hardly worth removing, and as I understand it (I haven't tried) you can mung up your OS pretty bad by removing it.
That's nice. Is there anyway to totally kill IE on XP? I can't find one. Try this: delete or rename C:\Program Files\Internet Explorer\iexplore.exe. Next thing you know, there'll be a fresh copy of iexplore.exe sitting there.
:^)
For about a month there back in the early '90s, I was afraid that's where I'd end up.
Thank god for the dot com bubble! Been busy ever since.
ROFL!!!
Who owns this operating system anyway? ....LOL!
And you pop us with this, Great.
Don't choose to install anything from a web site and you'll be fine.
That's XP's way of preventing stupid mistakes or malicious changes to your WinXP system. There are cached versions of WinXP file in another directory under the windows directory.
I was just discussing all the security problems in windows/etc. with a friend. (I was pondering going to linux.) Really, all software has bugs. Windows just gets more coverage because of it's HUGE market share. So the problem seems bigger in Windows but is really the same everywhere else too. Oh, and since Linux is open source it's easier to get into the code and figure out a hack to it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.