September 28th, 2003, 04:36 PM
IE holes lead to AIM, dial-up attacks
Security holes in Microsoft's Internet Explorer have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills, computer experts cautioned on Friday.
September 28th, 2003, 04:59 PM
That article makes it sound like the malicious web page downloads a program to your computer. This is not true, at least for the AIM vulnerability that many people I know have been hit with. What happens is that there is a VBScript on the webpage that reads the key of your registry where your encrypted AIM password is (if you have checked that AIM save your password). This encryption is extremely weak and can be easily cracked or the attacker may just put the encrypted password in his/her registry. So if you don't want to be vulnerable to this attack you should not have AIM remember your password (which you shouldn't do in the first place).