IE Security Flaw; Internet Storm Center Says Don't Use IE

Posted Jun 25th 2004 3:00PM by Pariah S. Burke

ALERT! Internet security groups are warning of a newly discovered vulnerability in Microsoft's Internet Explorer browser that allows outside parties to take control of users' machines. The code that exploits the vulnerability and opens a backdoor is prevalent not only on small, out-of-the-way sites, but also on popular trusted, professional and corporate websites such as those belonging to leading banks, auction services, and price comparison firms.

And, its spreading.

The maliscious code is so rampant on trusted websites that the prevailing advice from Internet security consultancies like the Internet Storm Center and US Computer Emergency Reponse Center is to use another browser, to discontinue use of Internet Explorer until Microsoft patches the vulnerability.

From BBC News World Edition, Friday, 25 June, 2004:

The net watchdog, the US Computer Emergency Reponse Center, and the net security monitor, the Internet Storm Center, have both issued warnings about the combined threat of compromised websites and browser loophole.

Cert said: "Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."

In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other then MS Internet Explorer until the current vulnerabilities in MSIE are patched."

What websites are vulnerable to infection, and thus becoming points of attack upon IE users?

...Any Windows 2000 Server that does not have the MS04-011 security update installed and is running Internet Information Server.

The virulent Sasser worm exploited loopholes closed by this update so many servers are likely to be patched against the problem.

How does the infection occur?

Infected servers are adding a malicious chunk of Javascript to all the web, gif and jpg files served up to anyone browsing the sites they host.

When loading on a browsing PC, this chunk of code might trigger a Windows error message.

Once downloaded the code redirects a browser to a Russian website which tries to install a program that opens a backdoor into the PC.

Some net service firms have started blocking access to this Russian site.

Pariah Burke writes the Design Weblog and Magazine Design Weblog for Weblogs, Inc., and is a contributing writer to the Nanopublishing Weblog.

¡Se filtra catalogo del Honda CR-Z 2011! VIDEO: Godzilla versus Super Snake Garia: "El Ferrari de los carritos de Golf"	DIY & Save: Homemade Water Filter HowNow: How to Make a Wreath Out of Old CD's Unusual Uses: Christmas Lights Outdoors - 5 Fresh Ideas
Ralph Lauren's Luxe Holiday Offerings Pueblo Bonito Los Cabos Adds Thermage to Your Vacation Repertoire Maltese Falcon Designer's 1920s-Style Superyacht Inspired by JFK	Is there a chink in McDonald's armor? Kroger's Q3 earnings miss, downgrade Johnson & Johnson (JNJ): A holiday gift
Flavors Without Borders - Chef Charlie Ayers Sauteed Leeks - Feast Your Eyes Hot Buttered Rum - LeNell It All	Megabus to offer 100,000 free tickets 8 Reasons Visiting A Friend Makes a Great Trip Compromise over Rosetta Stone fight?

IE Security Flaw; Internet Storm Center Says Don't Use IE

RESOURCES

RSS NEWSFEEDS

IE Security Flaw; Internet Storm Center Says Don't Use IE

RESOURCES

RSS NEWSFEEDS

Weblogs, Inc. Network