IE exploits now seen worldwide!

[polonus]

Hi malware fighters,

The number of exploits for a recent  hole in Internet Explorer is growing rapidly, and now also hits Internet Explorer 6 and the beta version of IE 8. Through the hole attackers install password stealers together with key-loggers. Microsoft warns that "surfing in a secure matter" alone won't help, because the exploits could also land on legit websites. "During previous months we have seen an increase in SQL-injection attacks", according to Microsoft's av-analyst Tareq Saade. His advice is to update all security software. The Microsoft av scanners is detecting the exploits recently detected (Does avast do also?) http://blogs.technet.com/mmpc/archive/2008/12/11/limited-exploitation-of-microsoft-security-advisory-961051.aspx

Exploits have been seen to appear all over the world, like is shown in the picture I have attached, but attackers use Chinese domains as a rule. Following webpages could have exploits: 7.hxm, I7.hxm, ie07.hxm, msxml.hxm en ss.hxm.  (hxm=htm),

polonus

[polonus]

Hi malware fighters,

This I saw from the Secunia discussion of the recent exploits for IE6, IE7, IE8 beta:

To clarify three common incorrect assumptions about this vulnerability:

Assumption: Only Internet Explorer 7 is vulnerable.
Correction: No, at least Internet Explorer 6 is also affected, but not by the public exploits that are currently available. According to Microsoft's updated advisory, IE 5.01 is also affected. We have not confirmed this yet, but it seems plausible.

Assumption: The core problem is related to XML processing.
Correction: No, it's related to data binding. Working exploits can be created nicely without using XML.

Assumption: Setting the security level to "High" for the "Internet" security zone or disabling "Active Scripting" support protects me against attacks.
Correction: Technically no. It is still possible to trigger the vulnerability. However, it does make exploitation trickier as it protects against attacks using scripting.

polonus

[samuelvirucide]

  Hi polonus

 better to throw or don t use internet explorer because a lot of people don t care what kind of web browser they are using. A lot of them as long they connect to internet they are satisfied. not knowing they are using a more vulnerable browser.They don t heed with this kind of warning!!!!By the way thanks to your info warning 

[Marc57]

Thanks for the heads-up polonus.

[alanrf]

Given other rather emotional threads in the browser wars ... let me just say (however futile the effort may be) that the vast majority of IE users who are going to their everyday websites will be just fine using IE.  It is those who venture down dark alleyways of the Internet (as well as real life) who need to be much more concerned about the risks of doing so.

[Marc57]

Given other rather emotional threads in the browser wars ... let me just say (however futile the effort may be) that the vast majority of IE users who are going to their everyday websites will be just fine using IE.  It is those who venture down dark alleyways of the Internet (as well as real life) who need to be much more concerned about the risks of doing so.

Agreed alanrf, Since hearing about this I and my Wife have been staying on sites we know we can trust.

[alanrf]

Before anyone tells us that the the well-known and respected sites are not infallible.  We know.  We use the tools we have, we do our best to be careful.  Beyond that you might as well say that the Internet should not be used ... if you do ... well, be prepared to be trampled into the dust by the hordes who ignore you.   

[FreewheelinFrank]

Before anyone tells us that the the well-known and respected sites are not infallible.  We know.  We use the tools we have, we do our best to be careful.  Beyond that you might as well say that the Internet should not be used ... if you do ... well, be prepared to be trampled into the dust by the hordes who ignore you.   

Polonus already did, in the article, but apparently you two missed it. 

Microsoft warns that "surfing in a secure matter" alone won't help, because the exploits could also land on legit websites.

[alanrf]

Frank,

I do not wish to appear pushy.  However you have been asked this question before and you have not responded except with the circuitous response you just gave. 

WHAT IS YOUR SUGGESTION TO THE PROBLEM?  You criticized Bob for trying to be above it all ... are you trying to fly beneath it all?   

[Marc57]

Before anyone tells us that the the well-known and respected sites are not infallible.  We know.  We use the tools we have, we do our best to be careful.  Beyond that you might as well say that the Internet should not be used ... if you do ... well, be prepared to be trampled into the dust by the hordes who ignore you.   

Polonus already did, in the article, but apparently you two missed it. 

Microsoft warns that "surfing in a secure matter" alone won't help, because the exploits could also land on legit websites.

I didn't miss it, One of my tools:  http://www.sandboxie.com/

"Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially"

[FreewheelinFrank]

Frank,

I do not wish to appear pushy.  However you have been asked this question before and you have not responded except with the circuitous response you just gave. 

WHAT IS YOUR SUGGESTION TO THE PROBLEM?  You criticized Bob for trying to be above it all ... are you trying to fly beneath it all?   

Well, I thought everybody knew my position, because I've repeated it often enough, but I've added a post to make it absolutely clear in the thread you mention.

[FreewheelinFrank]

More on the IE hole here:

http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html

Seems AV detection is not so good. 

[polonus]

Hi FwF and others,

What a gaping hole inside all versions of the IE browsers has to do with "browser wars" is beyond me!

Why users don't care a hoot is just demonstrating that they are just following the line and consensus. "I have blue e so I should click it, no matter what. Didn't  know or care that anything else existed." Well such an attitude I can fully understand, if you never heard anything else. A little discussion can just change all these insights. What I cannot understand is that when something apparently is wrong with Internet Explorer's security and it has not been fully patched and there are only semi-work-arounds, "some" react as being stung by a wasp, yes and reactions are sometimes "irrational" even.

A browser is a browser, be it IE, Opera, SRWareIron, Flock, whatever. What do you do when you have a serious vulnerability in a program like a MediaPlayer? You change it for another less vulnerable kind of player, wait until a new version comes out and/or upgrade or wait until it is patched, or go on about your business and take the risks for granted. It is your choice- it is a free world.
Why all of a sudden this gets different when a browser should be involved?

polonus

P.S. Where you should not go using IE: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
Snort-rules to detect the exploit: http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_0Day

[bob3160]

Unfortunately FWF has been bashing IE and Microsoft for so long that he has lost sight of the fact:
It is the most widely used browser and operating system in the world.

Bashing the browser and the operating system or any one who uses one or both doesn't cure anything.

[Jtaylor83]

Looks like everyone will be forced to buy a Mac. Apple has yet to win again.

On Second thought, these exploits can also infiltrate the stock markets globally, causing the global economy to crash instantly.

For those who have Firefox with NoScript, what if these exploits manage to bypass NoScript?