theregister.co.uk and IE = virus
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: theregister.co.uk and IE = virus

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324

    Exclamation theregister.co.uk + IE = virus

    Bofra exploit hits our ad serving supplier
    By Team Register
    Published Sunday 21st November 2004 16:18 GMT


    Important notice Early on Saturday morning some banner advertising served for The Register by third party ad serving company Falk AG became infected with the Bofra/IFrame exploit. The Register suspended ad serving by this company on discovery of the problem.

    Bofra/IFrame is a currently unpatched exploit which affects Internet Explorer 6.0 on all Windows platforms bar Windows XP SP2. If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue.

    We have asked Falk for an explanation and for further details of the incident, and pending this we do not intend to restart ad-serving via the company. Falk will, we understand, be making a statement regarding the matter on Monday.

    Although the matter was beyond our direct control, we do not regard it as acceptable for any Register reader to be exposed in this way, and wish to apologise sincerely to anyone who was. Further information about this particular exploit is available here or here . ®
    Source
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I read the report last night phish,
    Was to busy seing if i was infected to post.

    Anyway the following may be of interest as a follow up: http://www.theregister.co.uk/2004/11...frame_exploit/
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    I have a solution to that problem, run Linux or at least use Windows with a decent browser. I can't believe so many people still use IE after all of the publicized vulnerabilities.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    have a solution to that problem, run Linux or at least use Windows with a decent browser. I can't believe so many people still use IE after all of the publicized vulnerabilities.
    So all the bad **** would go away if we all moved to Linux?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Jinxy:

    I have to admit, Firefox works...... I don't get anything using it compared to using IE....

    However i have to admit that it demands plugins be loaded more regularly than I'd like and when you click on the "Click here to download Plugin" icon you always get "plugin not found". So, whaddya do? You open IE and watch _exactly_ what you wanted to knowing that it was safe in the fist place.....

    I think it's called "sacrifice"....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    I have a solution to that problem, run Linux or at least use Windows with a decent browser. I can't believe so many people still use IE after all of the publicized vulnerabilities.
    Or upgrade to Service Pack 2...? If you didn't after the GDI+ vuln, then maybe you were asking for it.

    I use Firefox for the plugins, not because of the inherent security bandwagon that seems to be rollin'. I say this because it seems the local repair shop (and quite a few colleagues) are installing FF on hijack victims and calling it fixed, w/o touching the real problem or upgrading the OS. I agree switching to a less functional browser is a solution, but ignorance of the patching process is worse.


    <off topic rant>
    Several months ago I get a typical IM from a friend who can't change their homepage. I remove a cool web search hijack among other things. I update the OS, but forget to turn on auto updates. Just a few weeks ago, same deal. I am out of town, and the campus helpdesk advises a format, and the person takes the box to Best Buy, (Geek Squad). They format the box and reinstall the OS, unpatched. This person fails to tell me about the swarm of malware they pick up the next day, and bring it back to Geek Squad. They have to pay again for the cleaning, and pay for an AV as well. Is that unethical or what?
    </off topic rant>

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by jinxy
    So all the bad **** would go away if we all moved to Linux?
    Yep.

    Originally posted here by Tiger Shark
    However i have to admit that it demands plugins be loaded more regularly than I'd like and when you click on the &quot;Click here to download Plugin&quot; icon you always get &quot;plugin not found&quot;. So, whaddya do? You open IE and watch _exactly_ what you wanted to knowing that it was safe in the fist place..
    Are you using FF1.0? I don't have that problem, though I use it primarily on Linux.

    Originally posted here by Soda_Popinsky Or upgrade to Service Pack 2...? If you didn't after the GDI+ vuln, then maybe you were asking for it.
    It's a tradeoff though: fix older vulns and open new ones, or keep the older ones and wait 'til the new ones are fixed?

    I use Firefox for the plugins, not because of the inherent security bandwagon that seems to be rollin'. I say this because it seems the local repair shop (and quite a few colleagues) are installing FF on hijack victims and calling it fixed, w/o touching the real problem or upgrading the OS. I agree switching to a less functional browser is a solution, but ignorance of the patching process is worse.
    Someone needs to slap the local repair shop then. Patching should always be encouraged, but short of mandating automatic updates via local policy (which may be questionable in and of itself), I don't see how you'd go about fixing the problem presented.
    If you don't mind my asking, why and to what do you consider FF less functional?
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #8
    It's a tradeoff though: fix older vulns and open new ones, or keep the older ones and wait 'til the new ones are fixed?
    There are SP2 vulnerabilities? I don't count the cmd window drag and drop, but other than that, what vulnerabilities? (and I don't count the ones that require social engineering)

    If you don't mind my asking, why and to what do you consider FF less functional?
    No activex. If it were to be exploited, AFAIK it would have to be through it's html or javascript interpreter, and there are many other paths to exploit IE, such as activex or whatever functions it has within the OS (I think there was a help file vulnerability, that sort of thing).

    Although one exception, people (like myself) pile on the plugins on top of their FF browser. I wonder how that will effect the security of the browser, by depending on the skills of more obscure, open source extension teams. Any plugins that see the html received and handle it incorrectly can get screwed. I have a web developer toolbar installed right now, when I use functions of it, it must read the HTML of a site. What if you code something that exploits the extension and not the browser? I don't know enough of how FF is developed and if it can prevent this sort of thing from happening (i doubt it), but I believe this can happen in the future.
    Good thing it's easy to update all your extensions at once. And yet again, the solution is updating.

  9. #9
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I have to admit, Firefox works
    It does indead. (you know exactly where i was comeing from)

    Yep.
    Bet it would not take long to come back though

    Infact, i have had more picked up with spybot/adaware, when i have used Firefox. Than when I have used IE service pack 2. Mind you I do tend to go places with Firefox that i would not with IE. Over confidence, "will", i'm sure kick me in the arse one day.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  10. #10
    Banned
    Join Date
    Apr 2004
    Posts
    843
    When im using XP... sometimes I'll use IE and you know what? I don't get malware at all. Then agian, unlike everyone else on the world wide web now ah'days I actually pay attention to... and yes, unlike most people sometimes I occasionally even give a damn about what happends to my computer. Oh and I don't really see why I need any type of administrative rights just to read the funny pages known as The Reg's articles.

    Complaining about browsers is so stupid... you would have to be even more mentally retarded than I am to be infected with malware.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •