Valhalla Legends Forums Archive | General Discussion | Fully Patched IE Users At Risk

Author / Message / Time
hismajesty
[quote]netcraft.com: A new security hole in Internet Explorer exploit allows hackers to gain control of a user's computer when they click on a hyperlink, even while using a fully-patched version of IE6. An exploit using the technique, which employs a complex series of Javascript, VBScript and PHP code, has been published on the Web and is being discussed in several security mailing lists.
The attack splices together multiple weaknesses in Internet Explorer, including at least one known but unpatched flaw and several new ones. The scripting cocktail tricks the browser into running code from a remote web server as though it were a local help file, and can then install a trojan of the attacker's choice on the compromised system.

The exploit is launched when a user clicks on a malicious link in an e-mail or web page. Internet Explorer launches a pop-up window with an "iframe" tag, which is commonly used to display text or interactive features in a floating window. The code tricks the browser into thinking the iframe contains a help file from the user's hard drive, while downloading a javascript that can then run with local privileges. The javascript then launches a remote php file, which in turn downloads a trojan to the user's hard drive. A complete analysis of the exploit and how it works can be found here.[/quote]
June 13, 2004, 1:17 PM
Spht
Time for people to apply better security settings. I only have a couple web sites which I allow to use those types of things. You also shouldn't be running your browser with administrative access.
June 13, 2004, 3:19 PM
Thing
Download and install this program and you won't have to worry about any more IE vulnerabilities.
June 13, 2004, 3:26 PM
crashtestdummy
Yep, Firefox all the way. Kills the dumbass popups too.
June 13, 2004, 3:49 PM
Eibro
[quote author=Thing link=board=2;threadid=7235;start=0#msg65030 date=1087140383]
Download and install this program and you won't have to worry about any more IE vulnerabilities.
[/quote]I agree. I was using a fully patched IE6 and still managed to get hijacked. I started using Firefox back when it was still in its early stages as 'Phoenix'. Haven't gone back since.
June 13, 2004, 5:21 PM
iago
I've used firefox and Opera on Windows and Linux, and I actually prefer Opera on both platforms. But they're both good :)
June 13, 2004, 6:32 PM
UserLoser.
Just downloaded FireFox, it's neat :P

Edit - It seems to be tons++ faster than IE
June 13, 2004, 6:47 PM
Archonist
[quote author=UserLoser. link=board=2;threadid=7235;start=0#msg65052 date=1087152470]
Just downloaded FireFox, it's neat :P

Edit - It seems to be tons++ faster than IE
[/quote]

It seemed to open much slower on my computer. :\
June 13, 2004, 6:59 PM
hismajesty
I use FireFox and IE. :)
June 13, 2004, 7:02 PM
Mephisto
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
June 14, 2004, 12:24 AM
UserLoser.
[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Because Microsoft made it
June 14, 2004, 12:33 AM
Tuberload
[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Ah yes, let's use it just because it is award winning.
June 14, 2004, 12:37 AM
warz
Winning of what awards?
June 14, 2004, 12:47 AM
Stealth
[quote author=warz link=board=2;threadid=7235;start=0#msg65097 date=1087174055]
Winning of what awards?
[/quote]

Microsoft's Trusted Computing Performance award, of course. :)

There's nothing wrong with Internet Explorer -- have you read the first post in this thread?
June 14, 2004, 3:42 AM
crashtestdummy
[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Here's a good reason not to use I.E. but they may have fixed this already.
http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=55
http://www.tjhsst.edu/~agupta/ecard-hijack/
June 14, 2004, 7:37 AM
Arta
I'd say those exploit stupid people just as much as they do IE. Who in their right mind would click on one of those links? I use IE & Firefox as well - IE most of the time.
June 14, 2004, 2:02 PM
Zeller
I love the ctrl-t thing Mozilla has but I'm too used to clicking on the IE icon. I tried replacing it with Mozilla's so we will see how that works out.
June 14, 2004, 3:03 PM
iago
[quote author=muert0 link=board=2;threadid=7235;start=0#msg65169 date=1087198624]
[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Here's a good reason not to use I.E. but they may have fixed this already.
http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=55
http://www.tjhsst.edu/~agupta/ecard-hijack/
[/quote]

They aren't going to fix that for sure, because it's not a problem. The correct form for a url is
[protocol]://[username]:[password]@[host]/[path]
We just happen to use the shortened form which automatically logs in as anonymous. Every browser should let that happen.
June 14, 2004, 3:21 PM
Thing
What a coincidence. Look what I just received this morning:

[quote]Received: from scott ([201.128.172.254])
by mail.vpnsys.net (Merak 7.4.2) with SMTP id HRA74455
for <my email address>; Mon, 14 Jun 2004 10:38:07 -0500
Message-ID: <kvplwqymfq.3423215093uluwnz@Scmercerjwpvcrkrl.com>
From: "Scmercer" <servicetastefully@usbank.com>
Date: Mon, 14 Jun 2004 10:32:59 -0600
To: my email address
Subject: [Spam] U.S. Bank Important Warning Message
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset=iso-8859-1

<HTML><BODY bgcolor=

#f4f2ee><DIV><TD height=47><IMG hspace=10 src=

"https://www4.usbank.com/internetBankingStatic/images/logo.gif" border=0></TD><P><B>
<SPAN style="FONT-SIZE: 12px; COLOR: #000066; FONT-FAMILY: 'Arial, Helvetica, Verdana';">
Dear U.S. Bank valued customer,<font color=

"#fffff1">Uraniaresidences</font><br><br>
Due to concerns, for the safety and integrity of the online banking community we have issued this warning message.<br><br>It has come to our attention that your account information needs
to be updated due to inactive customers, fraud and spoof reports.<br>If you could please take 5-10 minutes out of your online experience and renew
your records you will not run into any future problems with the online service.<br>However, failure to update your records may result in your account suspension.
This notification expires on June 15, 2004<br><br>Once you have updated your account records your internet banking
service will not be interrupted and will continue as normal.<br><br>Please follow the link below
and renew your account information.<br><br><a hrefMunseyhref=http://megabyte.com href=

"http://www.usbank.com@202.39.13.130/www/us/verify.html" onMouseMove="window.status='http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage';return true;" onMouseout="window.status=''">http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage</a>
<br><br><br>U.S. Bank Internet Banking<font color=

"#fffff1">Palmyrastrait</font>[/quote]

Those sneaky guys. :P Maybe I'll follow that link and see what the heck is really going on later today.
June 14, 2004, 3:49 PM
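
Added example, not part of the original thread: the `user@host` URL form iago describes and the anchor in the e-mail Thing quotes combine so that the text before `@` looks like the bank while the browser connects to the host after it. This Python sketch audits HTML for that pattern; the sample markup is constructed from the quoted e-mail's link, and `LinkAudit`, `findings` and `audit` are names introduced here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, reduced from the anchor in the quoted e-mail, plus one benign link.
SAMPLE = ('<a href="http://www.usbank.com@202.39.13.130/www/us/verify.html" '
          'onMouseMove="window.status=\'http://www.usbank.com/internetBanking/\';return true;">'
          'http://www.usbank.com/internetBanking/RequestRouter</a> '
          '<a href="http://www.usbank.com/help">help</a>')

class LinkAudit(HTMLParser):
    """Collect href, visible text and attributes for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            d = dict(attrs)  # attribute names arrive lowercased
            self._cur = {"href": d.get("href") or "", "text": "", "attrs": d}
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def findings(link):
    """Return the reasons a link's real destination differs from what is shown."""
    out = []
    url = urlsplit(link["href"])
    host = (url.hostname or "").lower()
    if url.username is not None:
        out.append(f"userinfo '{url.username}' precedes real host {host}")
    shown = urlsplit(link["text"].strip())
    if shown.scheme in ("http", "https") and shown.hostname and shown.hostname.lower() != host:
        out.append(f"text shows {shown.hostname} but href goes to {host}")
    if any("window.status" in (v or "") for k, v in link["attrs"].items() if k.startswith("on")):
        out.append("event handler rewrites the status bar")
    return out

def audit(html):
    """Parse html and return (href, findings) for each link, in document order."""
    p = LinkAudit()
    p.feed(html)
    p.close()
    return [(l["href"], findings(l)) for l in p.links]

if __name__ == "__main__":
    for href, reasons in audit(SAMPLE):
        print(href, reasons or "ok")
```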
hismajesty
I followed it, it will probably catch a lot of people too. :\
June 14, 2004, 4:41 PM
iago
I was looking at the source for both that and the real bank site, and here they are in .txt:

www.valhallalegends.com/iago/bank/realbank.txt
www.valhallalegends.com/iago/bank/fakebank.txt

I didn't actually click the link since I only have ie at school and I don't want a virus, but it looks like the fake one either loads the real one or copies/pastes the source from the real one..
June 14, 2004, 6:14 PM
crashtestdummy
It was just an example of some of the crap some people try to pull off and those aren't the greatest examples. I guess really bad social engineering. But the people it does trick it really screws over. And a lot of older people who get computers just start going all over looking at anything and don't think twice about it.
June 15, 2004, 4:38 AM
iago
[quote author=muert0 link=board=2;threadid=7235;start=15#msg65331 date=1087274306]
It was just an example of some of the crap some people try to pull off and those aren't the greatest examples. I guess really bad social engineering. But the people it does trick it really screws over. And a lot of older people who get computers just start going all over looking at anything and don't think twice about it.
[/quote]

The good thing is that people who don't understand computers often don't feel safe doing online banking. The ones who do get screwed, but they should know better :/
June 15, 2004, 9:57 PM
j0k3r
EW. Opera is decent, but has an advertisement, which is hard to get over. Firefox looks better than Opera because no advertisement, but I spent the last 10 minutes trying to import my favourites to no success. I've got beef with these browsers.

Also, first thing I noticed is their lack of alt+d and ctrl+enter, EW.

Edit: Oh, and the link to the main forum, sub forum, topic etc at the top of the page all gets highlighted when I mouse over in Opera.
June 17, 2004, 11:04 AM
iago
Don't forget to look up Mouse Gestures in Opera, they're very handy. For example, hold the right button and click left for back, and hold left and click right for forward -- very handy.
June 17, 2004, 12:39 PM
Arta
I already have special buttons for those :P
June 17, 2004, 1:30 PM
iago
[quote author=Arta[vL] link=board=2;threadid=7235;start=15#msg65607 date=1087479014]
I already have special buttons for those :P
[/quote]

Me too, but they don't work in Linux.

There are also shortcuts for homepage, new window, search page, rewind/fast forward (all the way back or forward), and lots of other stuff. I just don't remember them all, I do them one at a time :)
June 17, 2004, 4:07 PM
crashtestdummy
I think this kinda goes here:
http://www.securityfocus.com/printable/news/8998
June 28, 2004, 6:53 PM
Stealth
There's a Gestures plugin for Mozilla/Firefox as well.
June 28, 2004, 9:33 PM
Zakath
[quote author=j0k3r link=board=2;threadid=7235;start=15#msg65589 date=1087470241]
EW. Opera is decent, but has an advertisement, which is hard to get over. Firefox looks better than Opera because no advertisement, but I spent the last 10 minutes trying to import my favourites to no success. I've got beef with these browsers.

Also, first thing I noticed is their lack of alt+d and ctrl+enter, EW.

Edit: Oh, and the link to the main forum, sub forum, topic etc at the top of the page all gets highlighted when I mouse over in Opera.
[/quote]

Opera has advertisements? Where?! :P

Incidentally, what's wrong with the highlighting? It's not like it hurts your eyes.
June 28, 2004, 10:13 PM
iago
[quote author=Stealth link=board=2;threadid=7235;start=15#msg67637 date=1088458419]
There's a Gestures plugin for Mozilla/Firefox as well.
[/quote]

That would be handy, but I still like Opera. *shrug*
June 28, 2004, 10:35 PM
j0k3r
Indeed, I've adjusted to Opera, don't even notice the ad bar anymore it blends in with the top. There are some sites that don't support it though, so that sucks.
June 28, 2004, 11:19 PM
iago
[quote author=j0k3r link=board=2;threadid=7235;start=30#msg67656 date=1088464797]
Indeed, I've adjusted to Opera, don't even notice the ad bar anymore it blends in with the top. There are some sites that don't support it though, so that sucks.
[/quote]

But that's the site's fault :)

There was one site that said "Could not identify your browser blahblahblah", but I just told it to emulate MSIE 6, and it worked fine.
June 28, 2004, 11:35 PM
j0k3r
My Opera is set to simulate IE, however on sites such as bots2.net and gmail.com it doesn't work, it's not that big of a concern though.
June 29, 2004, 12:02 AM
iago
More info on the recent attacks: http://tms.symantec.com/documents/040624-Alert-CompromisedIISServerReports.pdf

<edit>
Also http://www.securityfocus.com/news/9004
The comment "Gates lies" is the first thing I thought of when I read this:
[quote]Gates Lies
by Daniel Convissor
Jun 29 2004 5:49AM

"the average time to fix on an operating system other than Windows is typically ninety to a hundred days,"

I'd love to know exactly what that absurd statistic means and where it came from. Did it come from the fake "think tanks" MS funds?

All of the major open source OS's I know are very prompt about issuing updates for security vulnerabilities.

"Today we have that down to less than forty-eight hours." Aw, cut it out. As has been mentioned here, there are tons of holes in MS software that haven't been patched. Let alone, the patches are issued once per month. [/quote]

<edit2> Another reference: http://www.securityfocus.com/news/8983
[quote]"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert. [/quote]
So even trusted sites may spread it to you -- that's scary.
June 29, 2004, 5:40 PM
iago
http://www.securityfocus.com/news/9054

To summarize -- the patch they released did nothing, you should disable active scripting, or, better yet, get a real browser :)
July 6, 2004, 12:18 PM
Grok
[quote author=iago link=board=2;threadid=7235;start=30#msg67785 date=1088530819]So even trusted sites may spread it to you -- that's scary.[/quote]

You have it backwards. Do you know what trusted means in this context? Trusted in the IE context is merely adding a website to a security grouping, granting that grouping's permissions to the website content on your browser.

That a trusted website can spread something to you is not scary -- it is stipulated by your trusting it that it can run higher permissions on your browser. What should be scary is when untrusted websites can run higher security actions on your PC. That's why they are called vulnerabilities and exploits.
July 6, 2004, 1:14 PM
iago
[quote author=Grok link=board=2;threadid=7235;start=30#msg68799 date=1089119665]
[quote author=iago link=board=2;threadid=7235;start=30#msg67785 date=1088530819]So even trusted sites may spread it to you -- that's scary.[/quote]

You have it backwards. Do you know what trusted means in this context? Trusted in the IE context is merely adding a website to a security grouping, granting that grouping's permissions to the website content on your browser.

That a trusted website can spread something to you is not scary -- it is stipulated by your trusting it that it can run higher permissions on your browser. What should be scary is when untrusted websites can run higher security actions on your PC. That's why they are called vulnerabilities and exploits.
[/quote]

I didn't mean "trusted" as in the browser group, I mean a site that you wouldn't think twice about going to on an unsecured machine. For example, www.valhallalegends.com, if it was running the insecure software, could have been infected, and I could have taken an unpatched browser there without thinking twice about it, gotten the virus, and had no idea.

That's what I meant was scary.
July 6, 2004, 1:45 PM
St0rm.iD
opera rules!
July 6, 2004, 2:07 PM
