Trojan Phel hits Windows XP specifically
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4128
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
A new trojan, Phel.A [read symantec analysis]

:: Quote ::
Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467).

Trojan.Phel.A attempts to infect computers running Microsoft Windows XP Service Pack 2 or later.


Ha ha, very funny. This one, by the way, installs a backdoor if it manages to install itself, great news for the newly 'locked down and secure' Service pack 2.
Back to top
vkaryl
Status: Contributor
Joined: 31 Oct 2004
Posts: 273
Location: back of beyond - s. UT, closer to Vegas than SLC
Reply Quote
*laughing* FIREFOX FOREVER!
Back to top
erikZ
Status: Contributor
Joined: 30 May 2004
Posts: 148
Reply Quote
Hear hear, this one just came out too:
:: Quote ::
The new exploit ... is fully automated, requiring the user only to visit a Web page in Explorer. Other browsers and operating systems aren't affected.

"There now is a 'reliable' working exploit that can compromise an SP2 system by just visiting a Web page," Secunia chief technology officer Thomas Kristensen told Techworld. Secunia has raised its warning level to its highest "extremely critical" level. techworld


I could have sworn SP 2 had fixed all those nasty little problems. And that we could safely use IE again. Oh well, not an issue for me since I stopped using IE too, this stuff is just like a bad memory that comes back only when I get a call from a friend to help them fix their 'broken' computer.

The article goes on to state:
:: Quote ::
Microsoft has warned users to turn off IE's "Drag and drop or copy and paste files" option as a partial solution. The danger can also be lessened by setting security levels to high for the "Internet" zone or, as several security firms pointed out, using another browser.

But let's simplify that, just stop using Internet Explorer and Outlook / Outlook Express and most of your problems will go away. To keep them away, switch permanently to Firefox and Thunderbird email client, both available for free download at mozilla.org.
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4128
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
MSIE has just been found to have 3 critical, code red type vulnerabilities. You can read more about them at secunia.com.

:: Quote ::
Vulnerability 1 and 2, or 3 alone, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files can be exploited to compromise a user's system. This has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

Solution:
Use another product.

Note the solution. The security world is now fully convinced that it doesn't matter what MS does with their Explorer products, they will never be secure. Compare this to what Microsoft recommends, going in, turning off feature x or y, but by all means keep using the flawed product. This is probably the 100 th time in the last 4 or 5 years that Microsoft or the security world has recommended turning off some feature or other of MSIE to maintain security, back in 2000 for example the 5.5 MSIE upgrade edition was actually downloaded with javascript support turned off due to a recent security problem. The list is simply too long to take seriously any longer. MSIE is a fundamentally flawed product with a fundamentally flawed design. The direct link between OS and browser was and is a bad idea.

Also notice that while Firefox / Mozilla also had a recent security problem, unlike the MSIE ones:
:: Quote ::
Various vulnerabilities were found and fixed in Mozilla-based products, ranging from a potential buffer overflow and temporary files disclosure to anti-spoofing issues.

First, these were not critical flaws, they are flaws. Second, they are already fixed in the latest releases. Don't be fooled by the similarity in language, most MSIE flaws are critical, and are almost all linked to the Active X security holes, which give attackers control over your system. Most of the Firefox holes have been discovered before any exploit was crafted, and were fairly minor.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours