-
March 11th, 2005, 05:59 PM
#1
Alternative browser spyware infects IE
http://www.theregister.co.uk/2005/03...ive_slimeware/
Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place.
Christopher Boyd, a security researchers at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows them to whack most browsers out there, including Firefox, Mozilla, Netscape and others.
Nice. Real nice.
http://www.vitalsecurity.org/2005/03...nfects-ie.html
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
-
March 11th, 2005, 07:59 PM
#2
...well, not exactly. Visit the same page in FF and, with the JRE up and running, the below happens:
IMAGE HERE OF ACCEPT DIALOGUE
Being a curious soul, I agreed to the install - and quickly wished I hadn't! In a flurry of remote downloads, numerous changes to the registry took place and a sizeable amount of IE specific installs began downloading.
It didn't exploit anything...
The problem is, IE shouldn't have been hit in this way - especially as it was locked down so tightly, and wasn't even being used at the time. Vaguely worried by this, I tried some other browsers...the results aren't exactly fantastic reading for the Mozilla Foundation.
If you hit yes, then all your security measures just went down the pot. I don't see where the security threat is, if it asked you if you want to install... Of course it will work across browsers... You specifically gave Java the ability to by accepting it!
-
March 11th, 2005, 08:23 PM
#3
I guess a headline of flawed browser draws more interest than flawed user would.
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
-
March 13th, 2005, 07:53 AM
#4
If you hit yes, then all your security measures just went down the pot. I don't see where the security threat is, if it asked you if you want to install... Of course it will work across browsers... You specifically gave Java the ability to by accepting it!
there are huge numbers of people that have no idea what they are agreeing on. they go to the website, asks for a yes or no question, they think its part of the procedure in visitng the website. they dont bother reading the popup because they believe they wont understand what it says anyway.
my dad is such a person. and god i always have to clean after his mess.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|