Fully patched XP? Still not safe

[fyrewall]

http://www.eweek.com/article2/0,1759,1638184,00.asp

Security researchers have identified a new version of the Download.Ject attack that is now being used on the Internet and can compromise fully patched Windows XP machines.

The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

Let's home noone gets compromised while waiting for a fix

[Spyder32]

Hrmm, true.. ya know just looking at the title of this thread I coulda simply answered "I know"

[moxnix]

I'm sorry, but I am feeling less and less sympathy for any one who:

The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

Click on anything and every thing.

[Lipton]

Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

Why doesn't the government do something about this and shuts down the webpages ? I know they did that with The "Hey i found a picture of %n" virus in AIM. Profiles !

[moxnix]

Originally posted here by Lipton
Why doesn't the government do something about this and shuts down the webpages ? I know they did that with The "Hey i found a picture of %n" virus in AIM. Profiles !

Why should the government protect a stupid (L)user. Then they will start censoring web content, and or legislate where you can go and what you can think, and.......oh wait a minute, they already do alot of that. Don't forget to put on your seatbelt now, its a $108 fine here, and should you ride your bike without a helmet it's a hanging offense.

[Spyder32]

If anyone is dumb enough to click a link or download from a random person IM'ing them, then they deserve the damage. I mean, it's common logic people.. Geez.

[Lipton]

What about a person that just bought the computer and got first time online and sees and e-mail "Download the latest Anti-Virus patch Here" and there he thinks, he whata nice guy, offers me free protection, its not that people are dumb, it's all new for people just getting into the field, we were all dumb once in something, we still would be if someone didnt help us.

[Spyder32]

Umm, if I checked my e-mail and found that type of message, I would wonder why someone I don't know is e-mailing me period.. let alone a download link or whatever. But yes, you are right in a sense we all were new and probably foolish at one point.

[pooh sun tzu]

Wait, shouldn't the topic be:

Fully patched XP/Linux/UNIX/BeOS/Solaris/Sun/BSD/DOS? Still not safe


I mean, the exploit can apply to any OS known to man because it isn't an exploit based upon the OS, it's an exploit based upon the user. Windows virus, unix viris, BSD virus. I don't care what the OS is, it can still be exploitable by the user.

Which brings me to my next minirant about news and media:

Stop labeling windows exploits like this one as XP/Windows specific! It isn't true, and is just another scare tactic. Telling us that people clicking on malicious links in email makes the OS insecure makes as much sense as the owner of a bank throwing all the money out into the middle of the street.. and then saying that the bank itself isn't secure.

[moxnix]

Wait, shouldn't the topic be:

Fully patched XP/Linux/UNIX/BeOS/Solaris/Sun/BSD/DOS? Still not safe

No pooh, it should be "Dangerous Users still Clicking on Anything"