internet browser warning

Following the article in the daily newspapers, saying surfers should avoid using internet explorer until microsoft patches a serious security hole in it, telling us to use a browser other than MSIE........ i would just like to ask if netscape 7.1 ok?

 

u reckon wer still safe then, even though MS havent found the patch to fix the hole? ....
The net watchdog, the US Computer Emergency Response Center, and the security monitor, the Internet Storm Center have issued warnings.
The Internet Storm Center said "Use a browser other than MS internet explorer until the current vulnerabilities in MSIE are patched."

 

NET surfers are bing warned to avoid using Internet Explorer until Microsoft patches a serious security hole in it.
The loophole is being exploited to open a backdoor on a PC that could let criminals take control of a machine.
The threat of infection is high because the code to exploit the loophole is on many popular websites.
The list of compromised sites include banks, auctions and price comparison firms.
The net watchdog, the US Computer Emergency Response center, and the security monitor, the Internet Storm Center, have issued warnings.
The Internet Storm center said bluntly "use a browser other than MS Internet Explorer unit the current vulnerabilities in MSIE are patched."

As taken from a Daily newspaper

i

 

whats the IIS issue? and what are servers using IIS?

 

im in the UK

 

ok Halo, but i hear anymore on this subject i will post back, hope you do the same.

PS is netscape 7.1 ok thou?

 

I took the info from the Daily Mirror Newspaper, Saturday 26th June 2004 and it is now Saturday 26th June 2004 23.20 London time. This paper is one of the most popular in the UK i think. The article posted earlier in this thread was the complete article that was in the paper.

 

Here is the same warning at the BBC: http://news.bbc.co.uk/1/hi/technology/3840101.stm

 

so do we reckon its something we should take notice of?

 

What the BBC article is stating is that certain websites have been compromised with the exploit "inserted" there. So that if you browse using IE to that site your own security is somehow compromised.

What is stated is: It is unclear how the malicious code that exploits the weakness in Microsoft's Internet Explorer has been inserted on popular websites.

and: So far the server/browser combination has not been given a single name. In its warning about the problem Microsoft calls it download.ject but others, such as F-Secure, are calling it Scob.

Here is the Microsoft article that goes with download.ject: http://www.microsoft.com/security/incident/download_ject.mspx

Again, there seems to be unknowns in how the exploit is performed but MS suggests that this is critical and that you follow the three steps for home users.

 

Mozilla Firefox is the best alternative to IE IMHO. I have permanently switched from IE to Firefox and have no intention of going back. I wish there was a way to rid windows of IE.

Mozilla, Netscape, Opera all are not vulnerable to this exploit because they are not buried deep into the OS. Microsoft really screwed up by tying IE into the OS. It is the weakest spot in the whole OS and I don't think it can ever really be fixed until they take IE out. To bad the justice department caved and let MS off the hook. They should have made them yank IE out.

 

OK people. This is a very serious problem! I have just come back from 12 hours at work after discovering this.

Basically Several Extremely popular Search engines, Web mail and even online banking systems running IIS have *somehow* had malicious code attacked to their websites. This means when an IE Client (Opera and Firefox have tested as resistant to this exploit and are 100% safe) connects to said website an 18kb Worm is downloaded to the system32 directory Of 2000/XP. The file is generally called KK32.DLL and if you have this file your are most likely infected and should pop onto the NAV or Mcafee site and search for it and follow their removal advice.

This is extremely high risk at the moment, and i cant stress how important it is that you DO NOT use IE for surfing until MS patch this.

I cannot tell you my company, but it is UK based and pretty damned big, i can inform you that the Virus propogates by attaching a malicious ActiveX component to websites, and silent downloads them to IE clients. (Opera and Firefox do not support ActiveX and so have no issues).

My partculary company found 3 varients, one was recieved from a popular new Seach engine Email system. The other from a well known auction site. The last was recieved from an unknown location.

The worm does not appear to contain a payload except for disabling certain Firewalls, and allowing the machine to be used as a Zombie in a DDOS.

My Boss last night was in talks with Symantec, and they have provided us with a beta virus definition that successfully detects the worm. Hopefully they will have it on live update tommorow.

 

Well for some reason i cant edit my post

Here is a link explaining a bit more about it.

http://www.cnn.com/2004/TECH/internet/06/25/internet.attack/index.html

Note the bottom where they state only IE is at risk, and as yet they dont know where to begin patching it

Time to pull out the old Opera/firefox install i think

 

http://www.microsoft.com/security/i...nload_ject.mspx

Went to the website
Did a search for the files
kk32.dll
Surf.dat

Did not find them, so I should be ok.

But................do I need to search for them every day or so to make sure I'm ok?
Gal

 

See, this anonymous stuff bugs me.

I don't care you don't tell us, but don't even mention it if you arent going to.

Mention you work for "pretty damned big" company then making it anonymous, does not lend you credibility.


Just post what your concern then go with that

 

Sorry, haven't had my coffee yet

 

Linky no worky.

Re; your question, why couldn't someone implement a Sasser workaround (read only dcpromo.log)...

Make a read only file named kk32.dll and Surf.dat and save them in the correct directory?

Won't help avoid variants, most likely, but could provide temporary relief until MS fixes it.

 

Nevermind. I'm guessing that the virus would simply copy the files anyway, with a (2) in the name...

Unless, the virus/trojan/whatever doesn't recopy itself if it finds these files present already.

 

Sorry. I really gotta click on some of these other links before replying.

So, there is no point in stopping using IE if you have 835732 installed, (which we all do, because we know its important to stay up to date ) right?

 

835732 is for the server end of this problem( http://support.microsoft.com/?kbid=871277 ). The IE hole remains unfixed on the client end, unless you have SP2 already installed. It seems this problem is far more widespread then people think. The best advice so far is to not use IE on a non SP2 machine till they can patch this hole.

And then we can all just sit back and wait to see what the next big exploit is.

Latest reports have claimed it is being used to steal credit card and other information. http://news.ninemsn.com.au/article.aspx?id=11124

 

OMG what have i started, lol, looks like summat big, biggest thread eva that i have started.

 

To Adrynalyne, Sorry i cannot tell you who i work for, only that our site was compromised shortly. Its a legal requirement for me. You dont really need to know, and unless your in the IT industry you wont have ever visited us

Lastly this is NOT PATCHED YET. If you are using IE you will have to check for the kk32.dll /surf.dat after each site you visit, just incase the site became infected.

I reccomend you download Opera http://www.opera.com/download/ until Micrsoft sort this mess out. Like me you probably wont ever want to go back to IE after this particular mess up.

It has now been revealed the WORM is a key logger/Data miner that has a sole goal of stealing credit card numbers/bank account numbers and other details that can be used to commit fraud and basically steal from you.

Link to Discovery that WORM is after your info/bank details http://www.eweek.com/article2/0,1759,1617550,00.asp?kc=EWRSS03119TX1K0000594

In this day and Age, there is no excuse for not using Firefox or Opera, both are faster than IE, have a million times more features, and are not affected by these million and one Java/ActiveX bugs.

According to Symantec, this is already one of the most wide spread worms to yet, and considering the info it steals, its scary!

If you value your privacy and bank accounts, you know what to do :|

 

There are some great extensions for it as well. You can extend the versatility of it way beyond anything you could ever have thought compared to IE.

 

You want fast? I would go for Opera 7.51, its faster then Firefox by a fair bit. It doesnt look as pretty, or have as many extensions..but *damn* is it fast


If you want to see how much faster Firefox is than IE, benchmark it here :-

http://www.24fun.com/downloadcenter/benchjs/benchjs.html

Also download Opera, on most systems its a good 10-20% faster than firefox

Opera and Firefox are by far the fastest, most stable and have the most features of any Browser yet. I dunno how you IE users put up with the slowness, the crashes, the pop-ups the adverts etc

 

You misunderstand. I'm not looking to know who you work for. I am just simply saying, if you can't tell us, then why mention it at all

 

What does SP2 have that combats this?

 

To Adrynalyne, i only mentioned it to show that i have had first hand experience with this thing. We all know how quickly false info can spread

MS dont appear sure why SP2 isn't vulnerable to this. Hopefully they will figure it out soon, or just release SP2 early.

But in my opinion all these bugs are good if they get people using Firefox and Opera, it amazes me how many still use IE, when its the slowest, buggiest and most featured browser out there.

 

Im currently using Opera, so i'll explain from that standpoint.

You dont need a pop-up killer in Opera, it has one built in. It has built in support to block adverts through Filter.ini too. It cannot be browser hijacked like those pr0n taskbars you get in IE or the dialers etc.

If you set cookies to "For this site only" you wont have data-miner cookies on your PC.

If you have a good firewall, such as Zonealarm or Kerio you wont have any trojan/sasser related viruses.

BUT i would reccomend having maybe the free vesion of Ad-Aware just to run a check on your PC now and then. However since i moved to Opera (and Firefox for a time) i have not found a single item of Spyware in 3 months now.

IMO to stay secure online you need :-

Zonalarm (essential!!)
Opera/Firefox (essential!!)
Anti-Virus (REccomended)
Ad-aware (Optional)

remember, IE is the biggest security threat on your PC, its bugs allow people to bypass your Firewall and Anti virus software with ease.

 

See-ing as a few people have PM'd me asking how to set opera up and asking for tips. Some good sites to go to are:-

http://tntluoma.com/opera/lover/7/ (REALLY great site that goes into detail into configuring opera totally, explains every feature in depth, will take hours to work though, but you can easily pick the tutorials you need)

http://nontroppo.org/wiki/Opera7 (Has a million hints, tips, performance enhancements, tweaks etc)

http://my.opera.com (Official forums, great for questions, loads of new people here in the last week since the this whole cock up with IE)

 

Who's affraid of the big bad wolf? me, me, naw
I've used IE from day one and only allowed ActiveX to only run on update sites and a few others. With this outbreak I changed it to all sites, including no scripts etc., removed unneeded sites in my trusted folder and blocked them all again with my firewall. I first heard about this with the JS Scob Trojan using it and calling home to 217.107.218.147 to download the trojan so that IP got blocked. No problems here & I've been all over the place searching for answers to my 1025 port listening when off-line and only closes when ZoneAlarm Pro is, but this started about a month ago so it's not related. I had been hit with bogus cookies trying to call home though (when I first noticed this port open stuff). I had ZoneAlarm set to stop all net traffic and with the browser open on a different site when a news site I had been to kept trying to connect out. Closed IE, it stopped, opened a saved IE page from another site & it started. When I deleted the news site cookie and all other ones not needed it healed itself from this. I had let the news site run scripts and java, so that's when I shut down all things allowed anywhere. Now when going to java links I edited the link and add some site info and usually get to the pages anyway.

I never have tried another browser except Netscape which I didn't like so it was uninstalled. From the post's here though I am interested in checking out Firefox and Opera since they don't use Java or Active X (both of which I don't care for due to all their security breaches all the time). I still consider IE to be safe if it is set to block everything on the Net, Local, and Trusted site and a firewall also blocking all scripts & Active X. I do get tired of saying no to scripts though so it will be neat to give these a try.

 

xflat, I am a MS basher all the way and proud of it. I downloaded Opera a long time ago, but never got around to installing it. I'll give FoxFire a try first since you say it's so easy to set up and I'll have online bills to pay soon. I may phone them in this time to play it really safe. Later when I have more time on reading I'll give Opera a try too.
I've been hoping for a new OS to come out that is safe and striped of all this unsafe garbage, but starting with safer browsers is better than nothing. I don't buy new cars every 5 news, and don't plan to with upgrade OS's or pay outrageous prices for firewalls and antivirus definitions every year so these suckers will eventually take me off the net if they keep blasting my unsupported OS. When I think of free firewalls and antivirus progams, I kind of feel like it is taking on a gun with a knife not knowing on how well their protection is. I'll definately trash a lot of free programs I have downloaded or make sure they have been tested as safe before using them by someone who knows how to (a couple of download sites do it or did in the past).
Thanks for the tip and decision of which to try first.

 

BTW xflat stop shooting my dillers! LOL Interests: Shooting armadillos
Least you make hamdiller meat out of them <g>. I had a headless one chase me off the beaten path back in 72, so they must be special .

 

hehehe, yes I have added downloads from this site to my stack of programs to try out and find out what my port problem is since I haven't gotten any help on it yet. So it's good to know these are well tested before they are up for use. I have been following the links to the authors sites and downloading from there so guess I'd just better get the info from there and download here. I'll be down to using free AV & FW's before I give up so it's great to know this site provides trusted ones. I'm trying to stay busy today to keep my mind out of the depressed dump, and it's working pretty good. The tips are appreciated.

 

Yet you use their products?


Hmmmm...

Be a real basher. Don't use any MS product

 

I always shoot myself in the foot, it feels good. Whatcha expect out of someone who makes a Pick Up out of a Geo Metro (it holds 2 bales of hay). As for the OS I'm locked in due to an IBM Motherboard & free OS's not being compatible the last time I checked a few years back. As for the browser, real life & death got in the way and they were put on that forgotten back burner list. Plus I got carried away playing with a new digital camera and PSP....the list goes on & on, but your right.
You do have to use something before you have the right to bash it, I just haven't made it past using yet. Compared to the start of computers, I did promote Windows due to the ease of use of it for beginners but its the lack of security, support past a few years and constant money grubbing upgrades is why I'm not moving on with it and bashing it. So they have only made one more round of bucks since I got my computer and had to go from W95 to 98se and that was only because it had to be in order to install my 45GB hard drive and ditch my 2GB hard drive that won't work due to IBM. I added a USB2.0 port, but it works slower because the OS doesn't support it & I won't upgrade it again. I'll stay with the dinosaurs from here on out until I can ever afford another computer and the next one will be Lunix compatable or I won't get it. So I'm not all washed up on my stance.

 

LOL, I'm having visions of the movie, PCU, and the Beemer with the kegs in it

 

Update: http://news.bbc.co.uk/1/hi/technology/3847277.stm

 

This threads still goin strong i see.

 

Just found this article, hope it adds to the conversation www.businessweek.com/technology/content/jun2004/tc20040629_7734_tc120.htm

I'm thinking of switching to Mozilla 1.7. Anyone else think it's a good idea?

 

I thought that bit would have been common sense. Let just hope MS fixes it and quick!