Virus Designed to Steal Windows Users' Data

A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.

Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.

Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.

The attack takes advantage of several recently discovered security flaws in Microsoft’s Internet browser and Internet Information Services Web software. Microsoft released a patch in April to fix one security hole in its Internet browser; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.

CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser’s security settings to “high,” but that can impair some browsing functions.


O.K , so you’re snickering because some people will probably get hacked just because they dont ‘know’ any better. :roll:
You’re a fucking moron.

Thanks for the warning though - I’m sure MS will release a patch soon.

Oh bite me, you oversensitive whiny puss! I snicker because of the incredibly long “Firefox” thread and how this points to the validity of many of the arguments therein. :lol:

How about the validity of the argument that IE is just as safe as Firefox if you just turn off ActiveX? Seriously, I don’t get what the big deal is here. People are willing to use a browser that requires them to go hunting for a dozen different extensions to get it to work the way they want, but god forbid if you have to open the “internet options” window and click on a checkbox in IE. Too hard!

Sones, you just don’t get “it.”

You are correct, I don’t get “it.” In fact, that is exactly what I said. But thanks for clearing it up for me!

Just trying to help you find your way, kemosabe.

IE is still a big spyware slut ActiveX or no ActiveX.

I thought this latest problem didn’t use active-x, but relied merely on javascript.


Which can be turned off in IE, too, for that matter. I use MyIE2, so no sweat in my case.

Being forced to turn off IE because of a security issue is not trivial. Many, many, many sites use bits of javascript throughout them.


CERT’s recommended security measure is a set of instructions for deactivating ActiveX, so I assumed that was the culprit. If it’s a Java thing, how does using Firefox help? Firefox runs Javascript, yes?

Yes it does. However the exploit in question strictly plays on the “leaky sandbox” that IE javascript plays in, hence it is an IE only problem.

How is finding and installing Avant, MyIE2, etc… any different from finding and installing extensions?

Additionally, most non-obsessive users don’t need a dozen extentions, the stock browser is as usable, if not moreso, as IE. I run stock Firefox with one “needed” extension (ad blocker) and one “frill” extension (RSS reader). However, unlike IE, most extensions are easily findable via the application’s home page.

I agree. My comment was not so much intended to imply that installing and configuring Firefox is hard, but rather to say that turning off ActiveX in IE is equally simple.

If you are concerned about IE security holes it should be removed completely:

Yeah, I’m shilling for them. Because it works.

Simply turning off ActiveX won’t protect you from the exploit in question, you need to turn off Active Scripting (Javascript in IE) which will make most interactive websites, such as Google’s Gmail innaccessible to you.

Haw haw… :roll:

Simply turning off ActiveX won’t protect you from the exploit in question, you need to turn off Active Scripting (Javascript in IE) which will make most interactive websites, such as Google’s Gmail innaccessible to you.[/quote]M$ RELEASES NEW WORM TO BREAK GMAIL!

Haw haw… :roll:[/quote]

I fixed it for you. Just because I care.