New Internet Explorer Exploit, Banking popup malware
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4043
Location: East Coast, West Coast? I know it's one of them.
A brand new trojan/keylogger exploit has just been discovered. This comes immediately after the most recent malware exploit, which made CERT recommend against using IE at all to maintain network security.

:: Quote ::
The malware [pdf description], which has been identified by the SANS Institute [read top 20 exploit list or visit the SANS Internet Storm Center], is delivered to users' PCs through pop-up windows that appear when users log on to financial portals.

It seems that the suspect pop-ups are delivered on certain websites that run ads from third-party ad servers, which appear to have been hacked. When the pop-ups appear, vulnerable versions of Internet Explorer begin downloading a malicious file that records activity - such as passwords - onto the infected PC and sends that data to a server reportedly located in Estonia.

We'll be adding this to the ever-increasing list of reasons not to use IE. Of course, as usual, this exploit only affects users of the increasingly suspect Microsoft Internet Explorer. Once Firefox hits 1.0 we'll begin recommending to all our clients to switch browsers. A good strategy will be to tell them that they are risking losing everything they own to the Russian mafia [or any other organized hacking groups out there]. I'm sure more will start taking advantage of these gaping holes in MS IE security.

On a similar note, re CoolWebSearch trojan:
:: Quote ::
The trojan installs dozens of bookmarks to foul porn sites on your desktop; it also adds a toolbar to Internet Explorer and changes your home page without asking. theregister

Says the guy who writes the antidote program:
:: Quote ::
Bellekom has just released the latest version of his CWShredder (1.59), the only antidote to the trojan, but warns that his app won't be updated again: "I have a few bugs to fix, but after that there's not much left to do. I simply do not have the tools to remove the latest variants. They are too aggressive or too complicated to allow for automated removal."

These guys are getting better at this stuff all the time. Trojans + mafia etc., that gives some incentive that maybe wasn't there so much before; expect higher quality exploits by the year.

The solution to most of these problems is to switch to a real browser, like Firefox or Opera. We recommend Firefox; it's a very good product. Version 0.9 is easily good enough to take over as your primary browser; I've been using it since Phoenix 0.6 as my default browser without any problems at all.