Microsoft Internet Explorer Security Issue


midgetwaiter
03-27-2006, 10:59 PM
Hi Everyone,

I don't usually do this, but there is an issue with Microsoft's Internet Explorer that is causing a bunch of problems for people right now. I decided to pass this on as I have had 3 people call me since Sunday after getting stuck by this.

Quick Explanation:
There is a problem with the way IE handles certain web form elements (fancy scripted radio buttons). If you view a web page in IE that has the right kind of script hidden in it, a program is automatically downloaded and run on your computer without asking or warning you. You would never know it happened. This is much worse than the usual kinds of issues with IE or Outlook; you don't have to click on or open anything other than a web page. Because of the way this is built, many normal, mainstream websites are being cracked and having this stuff added to them. You don't have to be looking at "bad" sites for this to happen.

So simply put: Open a compromised web page in IE and you are screwed. Norton, McAfee et al. probably will not save you. Because Outlook uses IE to show you some emails, it is possible that you could get an email that causes you to be compromised this way; nobody has seen that happen yet, though.


Microsoft was notified about this problem 45 days ago by a security researcher. Another researcher decided to release the information publicly last week because he noticed that there was talk of the problem on some underground web forums where crackers and spammers trade techniques.

Here are a couple links with more information.

http://www.microsoft.com/technet/security/advisory/917077.mspx
http://blog.washingtonpost.com/securityfix/2006/03/attacks_on_internet_explorer_f_1.html

What to Do:
You can use the Microsoft link above to find out how to disable Active Scripting in IE. This will protect you until Microsoft releases an update.

Also, you could consider switching to another web browser and email client. Opera, Firefox, Netscape, Safari, anything but IE. Nobody else sits on security problems like this for 45 days.