GoFuckYourself.com - Adult Webmaster Forum


Keev 10-03-2003 03:25 PM

Internet Explorer Exploited Again!!
 
http://story.news.yahoo.com/fc?cid=3...s_and_Crackers


Vulnerabilities in Microsoft's Internet Explorer Web browser have been exploited again, security experts said on Thursday, this time by a Trojan horse that redirected traffic from more than 100 popular Web sites to an IP address designated by the attacker.

The Trojan, dubbed Qhosts and Delude.B by various anti-virus vendors, redirected traffic on compromised machines from a large number of legitimate sites--primarily search engines, among them those found at AltaVista, Google, Lycos, MSN, and Yahoo. According to Computer Associates, requests to surf to those search sites were shunted instead to a Web site that was taken offline within 24 hours of the Trojan's appearance.


"This is another attempt by an attacker, probably the same attacker who wrote the original Delude Trojan earlier this month, to hijack Web sites and potentially profit from that redirection," said Ken Dunham, the director of malicious code for iDefense, a 5-year-old company that specializes in security intelligence and provides information to clients through partners such as British Telecom and Japan's Itochu Corp. "It's definitely another exploit of the vulnerabilities that still exist within Internet Explorer."


Qhosts is only the most recent exploit of Internet Explorer vulnerabilities. Starting last week, and continuing over the weekend, others commandeered AOL Instant Messenger accounts and downloaded code that forced users' computers to dial 900 numbers.


The flaw in Internet Explorer stems from a problem the browser has in correctly determining Object Types, and was thought to be patched by a fix that Microsoft released on Aug. 20. But that patch hasn't put a stop to attacks.


"Just by surfing the Web with Internet Explorer, attackers can install anything, at will, on your system and you won't even know it," said Dunham. By exploiting the vulnerabilities, "attackers can use any kind of HTML content to install a Trojan."


As of Thursday, Microsoft hasn't released an updated patch to close Internet Explorer's security holes. A Microsoft spokesman said the company "is investigating an exploit of a variation on a vulnerability originally patched in Microsoft Security Bulletin MS03-032. We will release a fix for this variation shortly."


Microsoft also recommended that users protect themselves against the newer exploits by changing Internet Explorer's security zone settings to prompt before running ActiveX controls, and although the original patch doesn't cover all the bases, install that fix nonetheless.


Most anti-virus vendors have released updated signature files that will trap Qhosts, and rated the vulnerability as moderate. Symantec Corp. ranked Qhosts as '2' in its 1-through-5 scale, while Network Associates labeled it as "low-profile."


Though Qhosts doesn't seem to be a particularly disruptive or damaging Trojan, and the destination site for its redirection was quickly shuttered--that could easily change, said Dunham.


"The possibilities are very large that a worm could come out of this exploit," he said, due to the tempting target that Internet Explorer makes and how easy it would be to wrap the exploit code into, say, a worm delivered by mass E-mail.


"An E-mail worm that takes advantage of this vulnerability could be devastating," Dunham said. While he doesn't have any direct evidence that a worm is imminent, Dunham did say that he's spotted code on hacker sites, including one based in Russia, indicating that attackers are working on such a worm.


Symantec, which released its six-month evaluation of vulnerabilities and threats on Wednesday, pointed to Internet Explorer as software that IT managers should monitor closely.


Users can protect Internet Explorer against attack, or at least mitigate those attacks, said Dunham, by following Microsoft's advice to disable ActiveX controls or prompt the user before running them. "But another idea is to use a non-vulnerable browser," such as Netscape Navigator, Mozilla, or Opera. The Internet Explorer vulnerability "will be a constant avenue of attack, so it's a good idea, and common sense, to have a multiple-browser setup, just in case," he said. "Enterprises could continue to use IE for trusted sites or internally, and another browser to reach external or questionable sites. It would be the best of both worlds."


Machines already infected with the Qhosts Trojan can be cleaned using a variety of anti-virus packages, or cleansed manually by editing the Windows Registry. Instructions for the latter can be found on several security sites.

strobi 10-03-2003 03:26 PM

:(

Keev 10-03-2003 03:26 PM

If ya got it you will either end up at an I.P. address and/or receive this msg. Or something thereof


Are you trying to get to Google?
Your computer is running software that doesn't allow you to use Google.
You're seeing this page because your computer is trying to send you to a website that is pretending to be Google. Over the past few weeks, you may have seen a website that looks like Google, but launches pop-up windows and does not work like Google. That page is not affiliated with Google in any way and is intended to deceive you.

Why is this happening?
Most likely a program was installed on your computer automatically and without your knowledge when you downloaded an otherwise harmless piece of software. Or you may have been tricked into clicking on a disguised download button while visiting a website.

What can I do about it?
This problem can be fixed fairly easily, but will require that you make changes in a file that is part of your computer's operating system. You should always be cautious when making these kinds of adjustments, as they may affect the performance of your computer. If you are not comfortable doing this yourself, you may want to print out this page and show it to someone whose technical knowledge you trust.

What steps do I take?
The first step is to remove the entry for Google from your hosts file. This entry is telling your computer where to send your computer instead of to Google.

In Windows, open the Notepad program. You can do this by going to the Start menu in the lower left of your screen, selecting "Programs," then "Accessories," then "Notepad."

In the Notepad menu, click on "File," then "Open." You will see a new window asking which file to open. You may need to change "Files of type" to "All Files" instead of "Text Documents". The actual file to open is listed below:

If your computer is running Windows XP, Windows NT, or Windows 2000, the file is located in the folder found by following this path:

My Computer >Local Disk(C) >Windows >System32 >Drivers >etc >hosts

If your computer is running Windows 98, Second Edition or Windows ME, the file is located in the folder found by following this path:

My Computer >Local Disk(C) >Windows >hosts

Once you have opened this file, remove entirely any line of text that contains "google.com", "www.google.com" or other Google domains (such as "google.co.uk"). To remove the text, highlight it by dragging your pointer across the line while holding down the mouse button. Once the text is highlighted, hit the Backspace or Delete button, then save the file by going to the File menu and clicking "Save." You can now exit Notepad.

What else can I do?
You might want to try software that attempts to detect and uninstall programs like this one. While we do not have a relationship with anyone who offers this software and we cannot endorse a particular product, the most popular programs for doing this seem to be Spybot Search and Destroy and LavaSoft's AdAware. The particular program affecting your computer is relatively new, so these products might not be able to detect and repair this type of problem yet.

The next step is to learn more. You can visit http://www.doxdesk.com/parasite/ to review information about a number of known self-installing software programs. Several articles on the web may be helpful, such as

· http://www.theage.com.au/articles/2...0172507212.html
· http://news.com.com/2100-1023-877568.html
· http://news.com.com/2100-1023-257592.html

Investigate individual programs using search engines. Try keywords such as "spyware," "scumware," and "adware."
Once you're informed, take action. Help your family and friends avoid these annoying programs. If you can find the site that installed this software on your computer, let them know how you feel about it. You might also want to track down companies that benefit from having your web visits redirected, and share your feelings with them.

Finally, it's quick and easy to file a complaint with the Federal Trade Commission (FTC). This U.S. government agency handles complaints about deceptive or unfair business practices. To file a complaint, visit: http://www.ftc.gov/ and click on "File a Complaint Online", or call 1-877-FTC-HELP. Or write to:

Federal Trade Commission
CRC-240
Washington, D.C. 20580

If your complaint is against a company in another country, you can file it at http://www.econsumer.gov/.
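
An added example, not part of the original posts or of the help text quoted above: the manual hosts-file check from that text, written as a script that reports every line overriding a watched search domain and returns the file with those lines removed. The function names, the watch list of base domains and the sample file are assumptions constructed for illustration; on Windows XP or 2000 the text would be read from the `Windows\System32\Drivers\etc\hosts` file named above.

```python
import ipaddress

# Assumed watch list: the Google domains named in the instructions above plus
# base domains for the other search sites the quoted article mentions.
WATCHED = ("google.com", "google.co.uk", "altavista.com", "lycos.com",
           "msn.com", "yahoo.com")

# Constructed sample hosts file; addresses come from documentation ranges.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
192.0.2.10      www.google.com google.com   # injected entry
192.0.2.10      WWW.Google.co.uk
192.0.2.10      search.yahoo.com
10.0.0.5        intranet.example.test
# 192.0.2.10    www.google.com  (commented out, so inert)
"""

def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (findings, cleaned_text).

    findings lists (line_no, address, hostname) for each watched name the file
    overrides; cleaned_text is the file with those lines removed entirely.
    """
    findings, kept = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()    # ignore comments
        hits = []
        if len(entry) >= 2:
            try:
                ipaddress.ip_address(entry[0])  # only well-formed entries count
                hits = [h for h in entry[1:] if is_watched(h, watched)]
            except ValueError:
                pass                            # malformed line: leave untouched
        if hits:
            findings.extend((line_no, entry[0], h.lower()) for h in hits)
        else:
            kept.append(raw)
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    findings, cleaned = audit_hosts(SAMPLE_HOSTS)
    for line_no, addr, host in findings:
        print(f"line {line_no}: {host} -> {addr}")
    print(cleaned, end="")
```

Write the cleaned text back only after reviewing the findings, and keep a copy of the original file in case a flagged entry was intentional.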

Keev 10-03-2003 03:29 PM

It's called "CoolWebSearch [CWS]" if ya want to look it up and here are some fixes



Link:

http://www.spychecker.com/program/cwshredder.html

Another program called "HackThis" works well too!

Rictor 10-03-2003 03:34 PM

Use Netscape. :P

wsjb78 10-04-2003 03:27 AM

Hey Keev,

you mind if I copy'n'paste this on various boards? I think you've done a good summary there and most nOObs won't even know what that is all about!

wsjb78


awu 10-04-2003 04:28 AM

Yep I had something similar a couple of weeks ago, "Hack This" was the answer, I suggest everyone grab it, it's a good little program. Can't remember the url but google will find it for you :thumbsup

Bell 10-04-2003 05:21 AM

Can a person run BOTH IE and Netscape on the same computer at the same time without any conflicts ??


~Bell

