Posted on 09/19/2006 5:36:00 PM PDT by Eagle9
An unpatched vulnerability in all editions of Microsoft's Internet Explorer browser is being exploited, security researchers said Tuesday, with the attack dumping a broad range of adware, spyware, and Trojans onto PCs whose users simply surf to an infected or malicious site.
First reported by Sunbelt Software -- although rival Internet Security Systems claimed it was the first to discover the bug -- the vulnerability is in how IE renders VML (Vector Mark-up Language), an extension of XML that defines on-the-Web images in vector graphics format. The previously unknown -- and thus unpatched -- bug inside IE is already being used by attackers.
So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites.
"First they were pushing Virtumondo adware," said Sites, "but by late afternoon yesterday, these sites were distributing more than 40 different types of malware, including keyloggers, adware, and backdoors."
The new exploit seems to have a connection to WebAttacker, a multi-exploit attack "kit" created by a Russian group that sells for as little as $15 to $20. "We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."
Sites said he expects that the exploit will migrate to one of the so-called "iframe cash" sites -- the term comes from the iframecash.biz site -- which use affiliates to push unpatched exploits to a large number of other Web sites, some of which are legitimate addresses whose servers have been previously compromised.
"This could end up being in lots
(Excerpt) Read more at techweb.com ...
It's the apps that require IE that are infuriating. Quickbooks Pro requires IE.
A fundraising donor tracking package a lot of nonprofits use, Giftworks from MissionResearch, is just a script running in IE, and as admin at that. They'll get killed by this. Heck, they get killed by the Kodak photo CDs from the Big Box stores, that one rewrites IE.
Lots of buck$ for those that repair computers.
LOL!
I love Opera9, good solid browser.
"Heck, they get killed by the Kodak photo CDs from the Big Box stores, that one rewrites IE."
What does this mean?
Wouldn't a simple solution be to not go to porn sites?
(ducking)
(excerpt)
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
http://msdn.microsoft.com/workshop/author/vml/SHAPE/introduction.asp
http://www.microsoft.com/technet/security/advisory/925568.mspx
This vulnerability was reported by Sunbelt Software.
This document was written by Jeff Gennari.
Date Public | 09/18/2006 |
Date First Published | 09/19/2006 11:14:35 AM |
Date Last Updated | 09/19/2006 |
CERT Advisory | |
CVE Name | CVE-2006-3866 |
Metric | 37.87 |
Document Revision | 26 |
If a site requires me to use IE, I will generally email the contact people listed in the WHOIS record and then stop using the site. Since I use Linux as my desktop OS, using IE is not an option and I couldn't be happier. Again, I simply stop using that site if I have to use IE. The trick is not to use IE in the first place; and I never have. I've transitioned from Netscape -> Mozilla -> Firefox and never took that poison pill that is the blue e.
Secondly, IE is years behind in features. I cannot browse the web without tabs and the RSS/live bookmarks in Firefox. IE 6 with SP2, for example, finally included an integrated pop-up blocker. Opera and the Mozilla browsers had them since at least 2002. Tabs? Again, Opera has had them since the late 90's and Mozilla-based browsers since '02 or so. IE7 will have tabs, only a few years behind. RSS? Yup. For a couple of years now feeds can be incorporated into Firefox. IE7 will have them.
The development team for IE7 was given one directive: "copy Firefox."
If you don't ditch IE for security, least you can do is ditch it for its dearth of features.
By the way, IE is also a piece of junk.
I mean Kodak installs new DLLs, registry entries, and other goodies to run its picture browser. When you pop in the CD it is installed automatically. There is no uninstall. Wipe and reinstall.
This software won't install if you're running as a Limited User, but you're running as Admin, aren't you? I suspect this latest batch of spyware only installs as admin.
Sometimes, QB won't run after the Kodak changes. Hope you have a recent backup. Giftworks almost never runs. Many other apps barf on the changes.
BTW, Microsoft says XP was designed to run as admin in a KB article. I use a Mac.
I had trouble with a Kodak disc that came with a camera. It sounded to me like you were talking about the discs with photos on them from a photo lab. Am I mistaken?
No you don't.
Like I said, I found it to be a very formidable browser while using it, however I prefer IE (apparently) for I went back to it.
I'm not a "dyed in the wool" supporter of IE, I just prefer it without getting into the intricacies as to what the two have to offer.
I'm happy with it for it does what I require of it to do for me.
stop looking at porn and you don't have anything to worry about. :)
My Bank's internet banking requires IE or Netscape. I don't think it's worth changing banks over a browser. I use Firefox for most browsing, but I use IE for online banking.
thanks - explains a lot about in the wild troubleshooting today........
No worries. I just view browsers as having (for the most part) a narrow feature set. However, security shows a much different balance.
But last time I checked - it is America, so browse as you wish.
save yourselves - ping!