Posted on 09/20/2006 12:41:51 PM PDT by Eagle9
Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.
Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.
-- Click Start, choose Run, and then type
-- regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
-- Click OK, then click OK again in the confirmation dialog that appears.
To undo the command, use:
-- regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.
For the details, head to Jesper Johansson's blog, here.
Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.
-- Select Tools|Internet Options in IE
-- Click the "Security" tab
-- Click "Internet," then "Custom Level"
-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.
Repeat the last step above, but in the "Local intranet" zone.
Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.
"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.
Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.
In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.
IE 7 RC1 can be downloaded from the Microsoft site.
New Exploit Rocks IE, Downloads Scores Of Spyware, Adware (9/19/2006)
http://www.freerepublic.com/focus/f-news/1704561/posts (excerpt)
The new exploit seems to have a connection to WebAttacker, a multi-exploit attack "kit" created by a Russian group that sells for as little as $15 to $20. "We think that this new exploit is inside a new [version of the] kit," said Sites. "If that's true, then it will end up all over the place."
Sites said he expects that the exploit will migrate to one of the so-called "iframe cash" sites -- the term comes from the iframecash.biz site -- which use affiliates to push unpatched exploits to a large number of other Web sites, some of which are legitimate addresses whose servers have been previously compromised.
"This could end up being in lots and lots of places," said Sites.
________________________________________________________________
If it does spread to legitimate addresses that have vulnerable servers, then waiting until October 10 for a patch for IE could be very risky.
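An added example, not part of the original post or of Microsoft's advisory: a read-only PowerShell audit that checks whether the two workarounds in the article above (unregistering vgx.dll and disabling "Binary and Script Behaviors" in the Internet and Local intranet zones) are actually in effect on a machine. The function names are hypothetical; the zone numbers (1 = Local intranet, 3 = Internet), the action value name 2000 and the setting 3 = Disable come from Microsoft's documented IE security-zone registry layout, not from this page.

```powershell
# Added example: read-only audit of the two workarounds described in the article.
function Get-VgxRegistration {
    # "regsvr32 -u" removes the COM class entries that load vgx.dll, so any
    # InprocServer32 value still naming it means the DLL remains registered.
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $key    = Join-Path $_.PSPath 'InprocServer32'
            $server = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            if ($server -match '(?i)\\vgx\.dll"?\s*$') {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
    }
}

function Get-BehaviorSetting {
    # Per-user zone settings; value "2000" is Binary and Script Behaviors
    # (assumption from Microsoft's zone documentation: 0 = Enable, 3 = Disable).
    $names = @{ 1 = 'Local intranet'; 3 = 'Internet' }
    $base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($id in 1, 3) {
        $value = (Get-ItemProperty -Path "$base\$id" -Name '2000' `
                    -ErrorAction SilentlyContinue).'2000'
        [pscustomobject]@{
            Zone     = $names[$id]
            Value    = $value          # empty when the value is not set for this user
            Disabled = ($value -eq 3)
        }
    }
}

$vgx = @(Get-VgxRegistration)
if ($vgx.Count -eq 0) {
    'vgx.dll: no COM registration found (unregister workaround in effect)'
} else {
    'vgx.dll: still registered under the following class IDs'
    $vgx | Format-Table -AutoSize
}
Get-BehaviorSetting | Format-Table -AutoSize
```

The zone check reads only the current user's settings, so run it in each affected user's session.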
USE FIREFOX!!!!!!!!!!!!!!!.........
IE has more flaws than hundred dollar diamond..........
Thanks for posting...
Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.
If Microsoft Windows Update web site will accept Firefox with either of those two extensions, then banking and MS Exchange/Outlook Web Mail and other IE only web sites should also accept it.
bttt
Man, you're cold. LOL
Yes, I've used Firefox for years ... since it was Phoenix .07
Should we "dial-ups" be concerned?
Thanks!
Usually broadband users are the primary target. In this case, you could visit a web site whose server has been exploited and the HTML of that site would automatically download the malware. The trojans, keyloggers, and over 40 different malware can be in such small packets that you wouldn't notice the download. I am not an expert on this subject, but I think that is correct.
"First they were pushing Virtumondo adware," said Sites, "but by late afternoon yesterday, these sites were distributing more than 40 different types of malware, including keyloggers, adware, and backdoors." Other researchers spotted the exploit on popular shared hosting distribution sites. The current in-the-wild exploit generates a stack overflow as soon as the user views an HTML page; once that happens, the attacker can push whatever code he wants onto the PC. "We're seeing this on dozens of different sites," said Gunter Ollmann, the director of Internet Security Systems' X-force research lab.
Thanks for posting this. I've followed the instructions for creating the GPO and have applied it to our test network for testing.
"Why are Macs not affected by viruses? Is this in fact true? I am considering getting one for work and I would like your comments.
Thanks!"
One possible reason is market share. Mac/Apple, although out there in a bunch of schools, doesn't have the market penetration of MS platforms. No big target, no (fewer) folks trying to exploit the boxes.
Another is operating system. MacOS has never been particularly vulnerable (again, few folks using it), and OSX is a UNIX OS.
Finally who actually uses the system? Few businesses and/or government agencies use Mac. The user base is mostly folk who need a reliable, comfortable to use, and safe connection to the internet.
Random thoughts.
Cheers
I've never used a Mac but I think HAL9000 will know the answer to your question.
Summary of all MS threads:
Blah, blah, blah, Firefox. Blah, blah, blah, MS sucks. Blah, blah, blah Mac. Blah, blah, blah why people still use is beyond me. Blah, blah, blah Linux.
Server 2003 is not vulnerable. PCs having a decent virus scanner or anti-spyware program are not vulnerable. I'm betting that 64 bit cpus are not vulnerable.
Lots of reasons. The big one is that the default account isn't an Admin account with root access privileges. Another is that it questions you when installing software, and requires a password. Another is that, since OSX, the operating system is UNIX based, and doesn't have the legacy holes that Windows has. Another is that it's a harder target with a smaller payoff. Another is that most OSX users don't use IE, which has been discontinued for Macs. Another is that the built-in firewall is on by default and you have to override it purposefully to open up remote access.
Macs are not immune; there just haven't been any successful exploits in the wild yet. The only malware I've ever suffered on a Mac in 15 years was the macro virus that affected (you guessed it) Microsoft Office, and that was long before OSX.
Who would want to hack into a computer from a guy who lives in the woods in a converted school bus and wants to trade organic root vegetables for a rebuilt starter for a 1981 Volvo 240?
That may account for a small part of it, but there are millions and millions of Macs out there. Scoring the first virus hit on them would make a very tempting target for the malware scum.
However, I think most malware attacks have gone beyond the nerd hobby boyz. Most of it seems run by organized crime and hostile governments, these days. More profitable to target institutional users than individuals. They'd much rather have a keystroke logger in a bank clerk's PC than some Art Director's Mac at an advertising shop.
Like Rush Limbaugh or GWB, for example? Yep, no one would want to hack those guys.