Newly Detected IE Exploit Spells Massive Spyware Trouble

A previously undocumented flaw in Microsoft's Internet Explorer Web browser is reportedly being exploited by online criminals to install an entire kitchen sink of malicious software on any computer that visits any of a handful of sites currently exploiting the vulnerability.

source

When will Bill & co actually produce a peice of software that doesn't leave their users vulnrable? :bnghd:

Originally posted by solidshot

When will Bill & co actually produce a peice of software that doesn't leave their users vulnrable?

:bnghd:

When people stop using their shoddy products?

But that'll never happen, IE is the first browser most users have and they don't want to go through the bother of getting another one (God knows why). They have such a big user base that they could release a browser that wipes your hard drive, sends rude e-mails to your friends and then sets fire to your house, and they'd still have a million people using the darn thing :shk:

Yeah it's the "wild, wild-West" stuff... a Zero-Day cursor roll-over exploit can't be far off as a trigger mechanism... As a temp fix for the IE bug mentioned - turn off Java Scripting. Even more scary is the newish-phenom of chained "indie" executables... sorta like a co-operative of semi-autonomous bots... shoddy code "wraps' the world eh? blog.spywareguide.com...

Keep walkin' perimeter... stay frosty.

Victor K.

[edit on 19-9-2006 by V Kaminski]

Just for fun I checked over at MS Technet for Security Advisories... 3 new one's since "patch tuesday" on the 11th of Sept 06... www.microsoft.com...

Just to put the fun in funky I hit the US-CERT site... many "demons and daemons be a lurking". The "official" story of wot2be afraid of 2day... www.us-cert.gov...

I really like the US-CERT service and I think they are doing a quality job.

In related news DHS has finally appointed a "Cyber-dude/Czar/puppet" a "former" software "lobbyist".... click with care and always have a backup image...

Victor K.