|
|
|
|
Terryt88
Skeptic Friend
USA
120 Posts |
 Posted - 06/27/2004 : 18:04:13
|
Apparently there is a virus out that is affecting a lot of reputable web sites and it seems to really hate Internet Explorer.
quote:
A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.
Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.
Quote from: http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html
I am no expert on viruses; normally I just update my system and virus defs. But CERT is suggesting not to use Internet Explorer for the time being.
I think I like Mozilla Firefox better than IE anyway. There are a ton of cool add-ons mods for it.
Give it a try and see what you think.
Other browsers off the top of my head: Mozilla, Netscape, Opera, lynx
Anyone more informed than me have any info on the virus?
[Edit: Clarify]
|
Edited by - Terryt88 on 06/27/2004 18:06:28
|
|
|
Dave W.
Info Junkie
USA
26031 Posts |
Posted - 06/27/2004 : 19:25:12 [Permalink]
|
Here's what Microsoft has to say (in part):Microsoft teams are investigating a report of a security issue known as Download.Ject affecting customers using Microsoft Internet Information Services 5.0 (IIS) and Microsoft Internet Explorer, components of Windows. (Download.Ject is also known as: JS.Scob.Trojan, Scob, and JS.Toofeer.)Important Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk. Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.
|
- Dave W. (Private Msg, EMail)
Evidently, I rock!
Why not question something for a change?
Visit Dave's Psoriasis Info, too. |
 |
|
|
Terryt88
Skeptic Friend
USA
120 Posts |
Posted - 06/27/2004 : 21:43:29 [Permalink]
|
You know it's funny (or not, depending how you look at it.  ) I was my work's resident computer geek as a collateral duty one year. I was amazed at how many people actually had no idea what Windows Update was or how to use it.
I guess my only advice is if anyone hasn't tried it, give http://www.windowsupdate.com a look real quick. It's mostly 1-2-3 and your done.
Thanks for the MS post Dave. |
|
|
|
Dave W.
Info Junkie
USA
26031 Posts |
Posted - 06/27/2004 : 21:58:43 [Permalink]
|
Well, the problem is that Microsoft appears to be being less than forthright. They're not telling people that "Windows XP Service Pack 2 RC2" is beta software, and that the only "finalized" service pack is Service Pack 1. Windows Update won't suggest you upgrade to SP2 at all.
Funnier thing: in the massive thread at Slashdot to which you linked, Terryt88, someone points out that MSNBC was suggesting that people switch to Mozilla or Opera.
Really, the "total solution" involves four things:
1) Switch your browser to something other than IE, or disable certain "Active Scripting" features,
2) Run Windows Update in case they come out with a real solution that's not beta software and covers their other running OSes (ME, 2000, NT, 98, etc),
3) Update your virus definition files, as it appears that those companies are keeping on top of things more than Microsoft, and
4) Don't freakin' click on links from people you don't know - that's just good common Internet sense, nevermind the damn viruses. |
- Dave W. (Private Msg, EMail)
Evidently, I rock!
Why not question something for a change?
Visit Dave's Psoriasis Info, too. |
|
|
|
Terryt88
Skeptic Friend
USA
120 Posts |
Posted - 06/27/2004 : 22:17:38 [Permalink]
|
quote:
Funnier thing: in the massive thread at Slashdot to which you linked, Terryt88, someone points out that MSNBC was suggesting that people switch to Mozilla or Opera.
LOL! I'm waiting for the day they say "Ahh screw it, just install Linux...." 
|
|
|
|
@tomic
Administrator
USA
4607 Posts |
Posted - 06/28/2004 : 14:59:27 [Permalink]
|
Here's more information:
http://www.microsoft.com/security/incident/download_ject.mspx
http://isc.incidents.org/diary.php?date=2004-06-24&isc=ab464ebd9b88be7bbd95c6b2adba5f54
http://www.microsoft.com/presspass/press/2004/jun04/0625download-jectstatement.asp
http://www.securityfocus.com/archive/1/365293/2004-06-06/2004-06-12/2
For me switching to Firefox and the like isn't a real option and I think making people panic and disrust the web emotionally is never a good thing. The web will almost certainly NEVER BE 100% SECURE no matter what operating system or browser or service you use. To make people think that switching to something different is to give a false sense of security.
Here's what I advise:
Don't panic
Use a Firewall...always
Be especially careful when you set up a wireless network
Use anti-virus software
Use anti-Adware software like Ad-aware
Run your updates
Do a complete system scan with your anti-virus at least once a month
Check your bank account often whether you use online banking or not
Change passwords often
Use good passwords and not your kids names or the like which all but guarantee you get screwed.
Don't think all of this is too big a hassle to deal with. It only seem like a lot at first but once you have at least informed yourself (and do stay informed) the actual maintenance work is minutes a month. We are talking something like 5-10 minutes a month to safeguard your accounts. The complete system scan takes a while but you can do that when you go to bed or are doing something else.
Being smart and not simply distrusting your computer is a far better strategy than the alternative unless living in fear turns you on. Talk about just dumping Windows for Linux is also just the usual rhetoric you hear every time something like this happens. It will eventually happen to Linux because security is an ongoing process for Linux, too. I think Linux users all know they have to apply patches as well. Vigilence and accepting that keeping your eye on security is part of computer ownership is, I think, the closest you can get to security.
@ |
Gravity, not just a good idea...it's the law!
Sportsbettingacumen.com: The science of sports betting |
|
|
|
Terryt88
Skeptic Friend
USA
120 Posts |
Posted - 06/28/2004 : 17:20:48 [Permalink]
|
Thanks @tomic for the advice.
quote:
originally quoted from @tomic
For me switching to Firefox and the like isn't a real option and I think making people panic and disrust the web emotionally is never a good thing.
Never my intention in the least.
quote:
originally quoted from @tomic
Talk about just dumping Windows for Linux is also just the usual rhetoric you hear every time something like this happens.
I was totally kidding about switching to linux, but I did think it was pretty funny that it was indeed MSNBC who suggested the switch.
But he is totally right about the things he listed in his post. They really are easy to do and save you a lot of headaches down the road. Think of it like changing the oil in your car, only do don't have to crawl around on the ground and get grease everywhere.. |
|
|
|
Terryt88
Skeptic Friend
USA
120 Posts |
Posted - 06/28/2004 : 17:37:10 [Permalink]
|
Here are some links to some programs if anyone is interested.
Adware Scanners:
SpyBot
Ad-Aware
Virus Scanners:
AVG [Free Edition]
Norton
Firewalls:
Zone Alarm
Norton Firewall
Note: All of these programs (except the Norton ones) have free versions that are just as good as the "for money" counterpart minus a few bells and whistles.
Hope this helps some people. |
|
|
|
@tomic
Administrator
USA
4607 Posts |
Posted - 06/28/2004 : 20:19:07 [Permalink]
|
I'm sorry if it sounded too much like I was going off on you Terry. The discussion on this board is very tame compared to what I have seen elsewhere. Some are damn near inciting people to riot over it and taking to opportunity to just bash Microsoft which gets old.
Thanks for the links which I was too lazy to add myself!
@ |
Gravity, not just a good idea...it's the law!
Sportsbettingacumen.com: The science of sports betting |
|
|
|
Kil
Evil Skeptic
USA
13481 Posts |
Posted - 06/28/2004 : 20:29:29 [Permalink]
|
| Gee whiz. I wonder if I should be worried running IE for Mac? I suppose not... |
Uncertainty may make you uncomfortable. Certainty makes you ridiculous.
Why not question something for a change?
Genetic Literacy Project |
|
|
|
Dr. Mabuse
Septic Fiend
Sweden
9696 Posts |
Posted - 06/29/2004 : 07:35:35 [Permalink]
|
quote:
Originally posted by @tomic
Some are damn near inciting people to riot over it and taking to opportunity to just bash Microsoft which gets old.
I'm past that stage, and have entered the apathy-stage concerning Micro$oft, and it's products. And I have no moral problems with pirate software... |
Dr. Mabuse - "When the going gets tough, the tough get Duct-tape..."
Dr. Mabuse whisper.mp3
"Equivocation is not just a job, for a creationist it's a way of life..." Dr. Mabuse
Support American Troops in Iraq:
Send them unarmed civilians for target practice..
Collateralmurder. |
|
|
|
@tomic
Administrator
USA
4607 Posts |
Posted - 07/08/2004 : 15:49:26 [Permalink]
|
Just when you thought it was time to switch:
http://www.eweek.com/article2/0,1759,1621463,00.asp
Turns out Mozilla and Firefox have gaping holes, too.
Stay alert about the Internet Explorer issue because the recent patch released by Microsoft did not really fix the problem. It just disabled access to an Active X control that had one of the holes.
And now, there is an exploit that takes advantage of it... again. It simply uses Application.Shell instead of ADODB.Stream (the ActiveX control disabled by the last "patch") to do its dirty work.
Be safe.
@ |
Gravity, not just a good idea...it's the law!
Sportsbettingacumen.com: The science of sports betting |
|
|
|
gezzam
SFN Regular
Australia
751 Posts |
Posted - 07/08/2004 : 23:35:42 [Permalink]
|
And more on Mozilla.....
http://www.zdnet.com.au/news/security/0,2000061744,39152903,00.htm
Developers at the open-source Mozilla Foundation have confirmed that the latest version of their Web browsers have a security flaw that could theoretically allow attackers to crash computers or launch unauthorised programs. |
Mistakes are a part of being human. Appreciate your mistakes for what they are: precious life lessons that can only be learned the hard way. Unless it's a fatal mistake, which, at least, others can learn from.
Al Franken |
|
|
|
 |
|
Topic Locked
