The vulnerability lies in the way IE 6 handles certain graphics. Malicious software can be loaded, unbeknownst to the user, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an e-mail message, several security companies said.
"Fully patched Internet Explorer browsers are vulnerable," Ken Dunham, director of the rapid response team at VeriSign's iDefense, said in an e-mailed statement. "This new zero-day attack is trivial to reproduce and has great potential for widespread Web-based attacks in the near future."
Security-monitoring companies Secunia and the French Security Incident Response Team have given the issue their most serious ratings.
Shady adult Web sites are among the first to exploit the IE vulnerability, Eric Sites, vice president of research and development at spyware specialist Sunbelt Software, wrote on a corporate blog. In one case, a malicious Web site used the exploit to install "epic loads of adware," according to Sunbelt.
Microsoft plans to fix the flaw as part of its monthly patching cycle on Oct. 10, the software giant said in a security advisory. The update might be released sooner, "depending on customer needs," Microsoft said. Typically, Microsoft only breaks its patch cycle when attacks are widespread.
The number of attacks may rise quickly, according to Web security company Websense. It appears that WebAttacker, a tool often used to create attack sites, has been fitted with the new exploit, Websense said in an e-mailed statement. "We have confirmed multiple, previously known, WebAttacker sites that are currently exploiting this vulnerability to install malicious software," Websense said. "We expect to see many of the several thousand WebAttacker sites begin to utilize the exploit, as they update to the latest release of the tool kit."
"Microsoft is aware that this vulnerability is being actively exploited," the company said in its advisory. While it works on an update, Microsoft recommends users keep their security software updated and take caution when browsing the Web. In its advisory, it also provides several workarounds to protect systems against the flaw.
The vulnerability lies in a Windows component called "vgx.dll." This component is meant to support Vector Markup Language documents in the operating system. VML is used for high-quality vector graphics on the Web.
This is the second known and unpatched flaw for IE to surface in as many weeks. Last week Microsoft confirmed a flaw in an ActiveX control related to multimedia. Attack code that exploits the flaw and could be used to hijack Windows PCs running IE 5 or IE 6 has been posted on the Net. Microsoft also has yet to provide a patch for a Word 2000 flaw being exploited in targeted cyberattacks.
Avoid illegal download sites.
So unless you plan on avoiding all sites with images, you're vulnerable if you use IE.
http://www.teckmagazine.com/content/view/631/43/
more flaws.
For protection I use Norton Internet Security so I have my bases covered. I also agree that porn sites and downloads from unknown sites mean taking a big risk.
You can visit www.grc.com for software to test your security.
It is good practice to put your IE settings for the Internet zone on "High", and then only allow "file download".
Then, for a Web site you really want to use that requires scripting or ActiveX controls, add it to the trusted sites list.
without a problem
without any antivirus.
I can go to any site I want to
without worrying.
http://lxer.com/module/forums/t/23168/
If you allow active code from untrusted sites to execute in your browser, you may have some protection from the OS, but you are inherently in danger. You are safe using Linux because no one exploited Linux yet.
How about avoid I.E.??? Anyone still using that useless browser needs to get a clue. But telling people to "avoid porn" isn't the answer, all you holier than thou's out there.
Did I miss the part in that article where they said to stay away
from adult sites? I went back and read it a second time. I
didn't see it, though it wouldn't be the first time I missed
something like that.
They're simply saying that adult web sites are among the first to
make use of it. What's wrong with that?
But as for the browser, yea, no question there are more secure
browsers out there and they oughta be used...
Charles R. Whealton
Charles Whealton @ pleasedontspam.com
Because of the focus on "porn", this story loses focus that it actually is a good story. It has surprisingly more detailed info than most. If that one word and one paragraph were removed, the author would actually seem intelligent and effective. Unfortunately, because of the focus (which is the only point the author chose not to explain fully) the author comes off as young and inexperienced, causing the story to quickly fade from memory, other than use in jokes.
So don't give me the no viruses on *nix. Because linux/unix get hacked all the time just like windows. And as a linux user, you should know that... because you should be patching all the time also. If you don't I suggest not telling anyone your IP Address then....
They try to fake it by saying. "Hey guys check out this new World of Warcraft screenshot" and they sucker people into clicking on it. They are presented with a "Page cannot be displayed" page, but that means they were hacked! It installs a Keylogger software, someone in China gets their World of Warcraft info, enters their account, steals all their ingame currency, weapons and armor, then leave the account to rot.
This is only World of Warcraft!!! Imagine if you visit a site, any site, it installs a Keylogger, then suddenly your credit card is charged with thousands of dollars, your bank account info is hacked into and they transfer money from your savings, someone bids on hundreds of items on Ebay and you get your account banned, they hack into Paypal to transfer themselves thousands of dollars.
This is insane! And you don't click anything! You just visit a site, you get no warning, you get no pop-up, you see nothing! It just installs a software and automatically you are vulnerable to hackers! I can't believe internet is getting this dangerous to use!
P0rn password everyday! WOO HOO!
Gee, there goes away our freedom! I avoid 100% of everything just to avoid the small percentage of not getting hacked!
Why doesn't Microsoft or anyone just fix it! Fix the damn problem rather than let the hackers win!
Should we treat the internet like sex? No! Cause there is no cure for STD's! But for the internet? It's called updates! It's called patches! It's called "Hey Microsoft!!! Learn to program software!!!" There are ways to fix it!
These women ARE NOT CONSENTING PARTICIPANTS!!!!!!!
They are being drugged with Rohypnol and raped. They DO NOT KNOW WHAT HAS HAPPENED TO THEM.
Rohypnol anaesthetizes the frontal lobe of the brain and leaves the motor skills, and primitive mind sections of the brain functioning.
The frontal lobe of the brain is where YOU, your values, your cognitive functions, your understanding, everything that makes you the unique individual that you are is in your frontal lobe. Rohypnol is one of the benzodiazepines that does this. The DEA has changed the laws on possession of Rohypnol. If you are caught with one tablet of Rohypnol you are subject to a $250,000.00 fine and 25 years in jail. The DEA has openly stated that its only purpose is rape.
The porno pimpers are now using Abien as a replacement. Nice of the Pharmaceuticals to comply with the wishes of the multibillion dollar bestiality porn 'industry', isn't it.
These victims, including senior citizens in palliative care, are being drugged and raped with animals and the internet servers are dishing them like dog food. It is interesting that Google could filter this garbage out of their system for China but can't for North America. I have complained to them many, many times.
Many of these sites openly declare that they are rape sites. Our governments and our judicial systems, and our police forces seem quite complacent to allow the drugging, raping and videotaping, and full scale sexual slavery of our people. Every University dorm, every home, every hospital, palliative care unit, senior citizen complex, hospice, every bus, every public place, every bar, party, or social event is a prospective 'recruiting' area for the porno pimpers.
The Ontario Provincial Police, in Peterborough, Ontario, told me, "If you don't know it happened to you then it is not a crime." and "Nothing will ever be done to help you. "There is too much money in it."
Hey, get with the program. Let your wives, daughters, mothers, sisters, brothers and friends know what is happening and lobby the government to stop it. Put pressure on all the servers including Google, MSN, Yahoo, the whole lot of them to filter this garbage so the porno pimpers can no longer make millions off of these horrific, obscene, assaults that have been perpetrated on our people.
History will mark these abuses as amongst the most vile crimes against humanity ever perpetrated.
While there are indeed bad people out there you have let false information and hysteria unhinge your faculties.
When you get to half of these sites all it takes is a yes or no to whether you're 18 or older. There is no police or anyone out here on cyberspace. To protect children from Porn. Like they do in stores. What I can say I am one age to do something online but be another. There is no proof. But, my word. Until they can pinpoint all IP NUMBERS and force people to register their names and the stuff like that porn is trash and should stay full of flaws and damage everyone's computer that trolls through it. It teaches 18 years to do webcam themselves for big bucks. This is morally wrong!!!!
If you liked porn, would you visit those sites as long as something like this was around? I wouldn't. I'd also delay purchase of new equipment until I knew that it was taken care of.
M$'s attempt to squeeze life into convenient parcels of time is hurting them. Imagine if the Fire department of your city said that they would only do rescues M-F.
Why porn sites would like to put out viruses on their servers ? If they will copy virus to clients browser he/she will never come back. Porn sites earn money, when viewers start to subscribe to them. If viewers are scared away, it means no subscription and no cash.
Yet, not all porn are put by porn makers and could be put by hackers with copied material from genuine porn site, just to lure viewers and get hits. So, they can post their virus on this site. In most cases you could get there from search engine, not by browsing.
Why on earth is everyone so complacent about this issue??
The article is about a security hole in IE, not people who are (seemingly) too inept to use a search engine (properly).
Personally, if I never have to fire up IE or mess with .NET ever again, it will be too soon. Use FF or a more secure OS. A patch on Oct 10th? Give me a break!
Chris
The flaw is rated as critical.
This CNet report came out Sep 19th.
Microsoft says they're planning on patching it with their regularly scheduled Oct 10th patches.
That's 21 days from the CNet Reported date to Microsoft's fix.
And exploit sites are already out there NOW.
And don't forget that by the time CNet receives the report, Microsoft has ALREADY been notified of the flaw and thus Microsoft's response time is greater than 21 days for a critical flaw while the rest of the security industry looks at 24 hours for critical and 72 hours for non-critical fixes.
But yet Microsoft continues to falsely claim that they're security conscious!!!
GO FIGURE!!!
Walt
- morality police
-
by emeraldgate
September 25, 2006 7:34 AM PDT
- What kind of person are you that you could 'get off' on watching, drugged people, be done with animals? Yes, too bad there isn't Morality Police, then so many women wouldn't be being sold like sex slaves on the internet. Which is a violation of every single one of their human rights, and an infringement on the inherent copyright they hold on their own images.