Results 1 to 6 of 6
  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    The Internet Storm Center are reporting the most alarming drive-by BHO I've seen to date, using an unpatched IE flaw dropped on by a ad server to install a keylogger than then steals banking passwords.

    http://isc.sans.org/presentations/banking_malware.pdf

    It required Acrobat Reader to view. Well worth a read, and yet another good reason not to use Internet Explorer.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    West Coast USA
    Posts
    3,043
    "Since Friday, this thing was stopped in its tracks," said Oliver Friedrich, senior manager of Symantec Corp.'s Security Response Group. "That being said, the original vulnerability that this attack exploited within [Microsoft's] Internet Explorer has not been fixed."

  3. #3
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Push Mozilla Firefox on your visitors and their nifty e-mail companion. www.mozilla.org This message was banned by the IAB/DMA and a friggin gator was fried, skinned, tarred and feathered in it's making.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  4. #4
    Member
    Join Date
    January 18th, 2005
    Posts
    95
    The way this thing was 'stopped in its tracks' is the web server in Russia that received the keystroke logs was taken down. All versions of IE are stull vunerable to this exploit, and MS has known about it for months and has not been able to come up with a patch / fix. Internet Explorer can be tricked into instaling any program by just visiting an infected web site. Although this attack was snubbed, there will probably be more in the near future. The US government/CERT is suggesting that people do not use IE; I've just spent the morning installing Firefox (http://www.mozilla.org) onto every PC in the building, at the same time I deleted all shortcuts to IE in an attempt to keep the rogue emplyees from going back to IE...

  5. #5
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Well the network's BHO darlings exploiting the IE browser flaws to turn them into browser POS spam machines are getting the Feds compelte attention.

    THE US GOVERNMENT has sent out a warning out to internet users through its Computer Emergency Readiness Team (US-CERT), pleading users to stop using Microsoft's Internet Explorer.
    Following a malware attack last week which targeted a known flaw in IE, like so many other attacks, the US-CERT recommended using alternative browsers thanks to their increased security. Microsoft is hurriedly trying to increase IE's security with the Windows XP Service Pack 2, but it's not fast enough for many.

    In a vulnerability note released by US-CERT, it says "there are a number of significant vulnerabilities in technologies relating to the IE domain" and that "it is possible to reduce exposure to these vulnerabilities by using a different web browser." Well, they're right.

    The latest "extremely critical" IE bug has still not been patched by Microsoft....

    also see http://www.theregister.co.uk/2004/06...alware_attack/

    and http://www.washingtonpost.com/wp-dyn...2004Jun29.html
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  6. #6
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    >"Since Friday, this thing was stopped in its tracks," said Oliver Friedrich, senior manager of Symantec Corp.'s Security Response Group.

    He was talking about the previous one. This is a new threat.

    Watch for a BIG BATCH of auto-installing BHO's even when visiting "trusted" sites using MS IE.

    http://www.informationweek.com/story...cleID=22103094

    Thankfully the Dept of Homeland Security has finally come out and said USE AN ALTERNATIVE BROWSER, MSIE HAS SECURITY HOLES...

    http://www.kb.cert.org/vuls/id/713878

    If you're sick of BHO's taking your commissions, NOW is the time to push alternative browsers. Put some download buttons on your sites, and links to the above articles!

    Good article to point Joe Average User to:

    http://www.newsday.com/technology/ny...logy-headlines

  7. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Business Banking Affiliates
    By BusinessWarp in forum Midnight Cafe'
    Replies: 0
    Last Post: March 19th, 2009, 12:13 PM
  2. Direct Deposit in nine new banking countries
    By Nabz in forum Commission Junction - CJ
    Replies: 21
    Last Post: October 14th, 2007, 02:41 PM
  3. Banking Account Question
    By meleemel in forum Business & Legal Issues
    Replies: 4
    Last Post: March 28th, 2005, 12:35 PM
  4. Banking Dollar Cheques in UK
    By Tiebreaker in forum UK/European Affiliates
    Replies: 93
    Last Post: March 20th, 2004, 01:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •