Free Republic

Microsoft Browser Holes Lead to AIM, Dial-Up Attacks
Reuters | 09-26-03

Posted on 09/26/2003 7:14:40 PM PDT by Brian S

Fri September 26, 2003 08:00 PM ET By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - Security holes in Microsoft's Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills, computer experts cautioned on Friday.

Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, which could prove an even more dangerous exploit, said Drew Copley, a research engineer at Aliso Viejo, California-based eEye Digital Security, who discovered the original security vulnerability.

Such stealth programs can include keystroke loggers that record everything a person types or software to erase the hard drive, among other things, he said.

Microsoft (MSFT.O) has released a patch for the original hole, which was reported about a month ago, said Stephen Toulouse, security program manager for Microsoft's Security Response Center.

The company is looking into what it says are variations of the original hole that have been discovered since then that the patch does not fix, Toulouse said.

"We will release a fix for the variations," he said.

Security experts are reporting the variations as new security holes, disclosed within the past three weeks and used for different types of attacks, Copley said.

Microsoft and eEye Digital Security said they have issued information for temporary workarounds.

In general, the attacks are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging, Copley said.

When the Web site appears, it downloads code that can execute commands on its own onto the unsuspecting computer user's machine, according to Copley.

An attacker has written a program that uses a security hole in Internet Explorer to hijack an already running AOL Instant Messenger account, change the password and send a message to the buddies list with a link to the malicious Web page, according to postings on the Bugtraq security e-mail list.

The Web site the posting listed as stealing the AIM passwords appeared to have been shut down.

An AOL Time Warner (AOL.N) spokesman said the company was looking into the issue.

'PORN DIALER'

Another attack is being accomplished by sending computer users to Web sites -- typically porn sites -- that change the computer's dial-up settings to an expensive long-distance phone number without the user knowing it, said Richard Smith, an independent Boston-based security researcher.

In the so-called "porn dialer" attack, victims are being charged as much as $5 a minute instead of paying their normal Internet service fee, he said.

A third type of attack steers computer users to pay-per-click Web sites, where the spam marketer gets paid each time someone goes to the Web site, Copley said.

"These kinds of bugs are really spooky" because they work in the background, undetected by the computer user, he said. "With these kind of holes, a lot of roaches crawl through."

Computer users can protect themselves by applying patches, following the workaround instructions or changing their settings in Internet Explorer to prompt them before a Web site downloads programs that can execute on their own, Toulouse said.

Also on Friday, anti-virus company Global Hauri of South Korea warned about a new medium-risk computer worm that spreads through Microsoft Network's MSN Messenger system, attempts to connect to a porn Web site and passes itself around to others in the victim's contact list.

Toulouse said Microsoft was looking into the matter.

Information about the security holes and how to fix them is at http://www.microsoft.com/technet/security.


TOPICS: Extended News; News/Current Events
KEYWORDS: computersecurityin; microsoft
To: upchuck
I knew there was a reason for sticking with Netscape. I loathe and detest IE, and now I know why.
21 posted on 09/28/2003 12:46:24 AM PDT by Utah Girl

To: sigSEGV
Zone Alarm won't stop exploits like these.

Explain, please.

22 posted on 09/28/2003 4:15:48 AM PDT by snopercod (Most people are so busy doing what they think they should do that they never do what they want to do)

To: JoJo Gunn
Thanks. I have always wondered what a web bug was.

Now if I can just figure out "private headers". I have searched and searched on the internet and can't find out anything meaningful.

23 posted on 09/28/2003 4:21:48 AM PDT by snopercod (Most people are so busy doing what they think they should do that they never do what they want to do)

To: Utah Girl
I knew there was a reason for sticking with Netscape. I loathe and detest IE, and now I know why.

Netscape. I used to use Netscape. But then I found Opera, a small very fast browser. I still use Netscape, but only for email. Opera is the best! Give it a try.

24 posted on 09/28/2003 5:47:16 AM PDT by upchuck (Wanna make the Taglinus FreeRepublicus list? Simple-just jiggle jigsaw with yer credit card number :)

To: snopercod
Zone Alarm is a firewall, meaning it controls certain types of traffic from hitting your machine and leaving your machine. If IE goes to a web page that contains the exploit code, it will gladly execute locally on your machine whether you have a firewall in place or not. Same thing with anti-virus. Someone could format your hard drive and a firewall and anti-virus can't do a thing about it. People put way too much trust in those things.
25 posted on 09/28/2003 7:36:27 AM PDT by sigSEGV

To: snopercod
You're welcome.

I can't tell you about private headers. There's still so much I've yet to learn.
26 posted on 09/28/2003 9:56:18 AM PDT by JoJo Gunn (Help control the Leftist population. Have them spayed or neutered....)

To: sigSEGV
Thanks. I think I understand now.
27 posted on 09/28/2003 10:14:43 AM PDT by snopercod (Most people are so busy doing what they think they should do that they never do what they want to do)

To: sigSEGV
Wait a minute. Maybe I don't understand.

If I have ZoneAlarm set to disallow "mobile code" from a website, then you're saying that it can execute anyway?

28 posted on 09/28/2003 10:16:36 AM PDT by snopercod (Most people are so busy doing what they think they should do that they never do what they want to do)

To: snopercod
CTR
29 posted on 09/28/2003 9:51:03 PM PDT by restornu