Infected major Websites spreading malware via Internet Explorer security holes

Normally, I figure that people will hear about these sorts of things on other sites, but I figured that this was important enough to post it up here. According to ZDNet, malicious hackers have compromised several “major websites.” They didn’t deface these sites with the usual “1 0wNez joo, biatch!” (forgive my poor leet speak). Rather, they installed their own software to take advantage of Internet Explorer’s unpatched security holes to install software on visitor’s PCs. The owners of the sites are apparently unaware of the fact that they are infecting their visitors, and visitors are probably complacent that they only visit “reputable” sites and have nothing to fear from spyware.

If you’re reading this using Internet Explorer (on Windows, at least), please, go download the latest version of Mozilla (or their up-and-coming new browser, Firefox). It’s free, and it’s a much more useful browser than IE, nevermind the fact that it doesn’t have the known gaping security holes that IE does. It’s also a supported application under constant development, unlike Internet Explorer.

(Updated: It appears that the problem will only affect users of Internet Explorer 6, not earlier versions. According to Microsoft, if you have installed WIndows XP service Pack 2 Beta (which 99% of you haven’t, I’d guess) then you’re safe as well.)

Switching to Mozilla was the advice I gave my father last weekend, after I had to remove spyware from his PC. I thought I had covered just about everything… I had both a hardware firewall and a personal firewall installed on his PC, antivirus running, etc.

The vital thing here is: there is nothing you can do to prevent being infected, aside from using something other than Internet Explorer as your browser. You won’t get a little “do you want to install…” popup that you’d stupidly have to click “OK” on. Microsoft hasn’t fixed these bugs yet, so doing the whole “Windows Update” thing won;t help you. Virus scanners can’t detect the malicious downloaded software yet. Considering the reports I have read about spyware now downloading updates for itself constantly, I suspect virus scanners will never be able to keep up. Firewalls won’t keep the spyware out, since

the browser is the one downloading the software. It’s not forcing itself in from the outside.

As mentioned in the latest Joel on Software, Microsoft has totally abandoned Internet Explorer development (although apparently they are going to start developing it again). Depending on the state of your tin foil hat, this is either because the browser was going to be integrated into Microsoft’s much-hyped and much-delayed next generation of operating system, or because Microsoft’s desktop dominance is threatened by having a rich and powerful browser (as Joel states).

At this point, consider Internet Explorer to be an unsupported product. Considering it’s the gateway through which a lot of spyware and worse are downloaded, you owe it to yourself to download an alternative browser (or, heck, a whole alternative operating system, but I won’t try to convince people of the need to switch to Linux today…).

I’ll not go too deeply into an anti-Microsoft rant here, except to say that this is what happens when one company has so much control of the computer landscape. Its own priorities and survival outweigh yours, in its own mind. The result is that Microsoft will do whats best for it (protect its monopoly) rather than what’s best for you (develop software that’s bullet proof, or, at the very least, fix issues when they come up).


  1. With regard to spyware: I use Patrick Kolla’s Spyware S&D (http://www.safer-networking…) It does get rid of a lot of known commercial spyware. These are programs that keep track of what you do, and often make your own computer pop up adds and such. (This is different than having sites pop up adds from within your browser, which Netscape and even IE can be set to block.)

    Two notes of warning, however:

    1) I’ve heard that Spybot S&D is so popular and well respected that some bad guys have created sites that purport to be the home of Spybot but actually install their own malware.

    2) The version I have installed (1.2) does not seem to have any updates available connected with this latest threat. In general, think of Spybot S&D as helping you get rid of some annoying stuff, not as making your computer “safe.”

  2. I want to Criticise Microsoft Corp., but I can’t. I can’t because every time I start to the Westleft, Eastleft and all-around political left starts chiming in with the Wrongest distractions about the richboy and the poorfolk.

    Golldangit, it’s NOT ABOUT how wealthy Bill Gates is; I hope his wealth and bank account both increase. It’s NOT ABOUT what kind of house he may own or family he may have, I hope he upgrades his house and if he breeds offspringpods that’s just great. and it’s NOT ABOUT how much and how little the Gateses give to charity, I don’t want to hear about that I don’t want to know about that the big important part of corporate leadership is NOT ABOUT THAT dangit it’s about what people do at work! These kinds of topics cloud the issue and effectively stamp out the voice that opposes-monopoly-because-monopoly-is-no-

    way to run the free market.

    I’m malcontect of criticisms of Microsoft Corp., only because when they surface we get into this other – c-r-a-p!

  3. Well, firstly i am glad to see that a page like this exists, people need to know! Firstly, as for Serice Pack 2 being safe, well My Arse. I have it installed, and i got directed to a “dodgy” site from google. Before i knew it, my virus scanner goes mad, my software firewall is asking me questions, and my registry watcher is asking me if i should allow my startup keys to be modified! I have found out Internet Explorer is not safe, and never will be aslong as its the leading Browser. Personally i cannot believe Microsoft has left it this long, and still hasn’t fixed all these bugs. So many people aren’t very computer literate, and they won’t ever see this page. So they go about their daily lives, not ever knowing they have a trojan that is stealing their Credit Card Numbers. However much i love using Windows, i can’t believe Microsoft has turned its back on its customers like this. They are scum. Also though, if the world wasn’t full of money hungry scum, who will do anything for an easy buck, then these security bugs would never be a problem!

  4. Hello there! What’s going on, everyone?

Comments are closed