BBC Site Used as IE Attack Lure 83
capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."
How is this news? (Score:3, Interesting)
Re:How is this news? (Score:4, Funny)
Click here to read an interesting BBC story about it [kevan.org]
Re:How is this news? (Score:1)
Re:How is this news? (Score:1, Troll)
El president Antonio Bliar has p4wn3d it before you.
Re:How is this news? (Score:2)
eWeek is retarded... (Score:3, Insightful)
Erm, why is this a story? (Score:5, Insightful)
If they do it again tomorrow with text from nytimes.com would that be another story?
Re:Erm, why is this a story? (Score:3, Funny)
Re:Erm, why is this a story? (Score:5, Funny)
"Tech website Slashdot article links to vulnerability exploiting websites. Read more here [fake-slashdot.org]"
And whoever submits it to
Re:Erm, why is this a story? (Score:5, Funny)
Re:Erm, why is this a story? (Score:1)
Re:Erm, why is this a story? (Score:2)
dunno, but all the wintrolls who claim their machines never get infected/trojanned might vanish...
Re:Erm, why is this a story? (Score:2)
Re:Erm, why is this a story? (Score:1)
Read more here? That wouldn't work. They should say "Click here to comment..."
Re:Erm, why is this a story? (Score:2)
Wait a couple of hours, this story could be completely duped
Re: Erm, why is this a story? (Score:5, Funny)
And will it be safe to read about it at BBC?
Re:Erm, why is this a story? (Score:5, Funny)
Re:Sickening (Score:2)
I want to say "Firefox wins again", but "again" seems to be everytime nowadays and it's not even worth saying it.
Wow (Score:2, Insightful)
*chokes*
Re:Wow (Score:1)
Now I'm worried.... (Score:5, Funny)
(Times like this I'm glad that I use linux ... Until, of course, the next zero-day firefox hole, at which point I'll switch to konqueror or..).
Re:Now I'm worried.... (Score:5, Funny)
Re:Now I'm worried.... (Score:1)
Re:Now I'm worried.... (Score:4, Funny)
I'm worried about the child processes that will be spawned...
Mal-2
Re:Now I'm worried.... (Score:2)
I boot my browsing OS [damnsmalllinux.org] from CD on a laptop with no HD.
What they gonna do ? Post as me on
Now, THAT'S ILLEGAL! (Score:2)
Re:Now, THAT'S ILLEGAL! (Score:1)
WOW! (Score:4, Funny)
Fake URLS Suck! (Score:5, Funny)
My SITE HAS BEEN HIJACKED (Score:5, Funny)
It was taking over by a hostile native american terrorist organization called apache running on Gentoo gnu/linux. Damit hacker! I need to call the FBI over and sue you for this.
Re:My SITE HAS BEEN HIJACKED (Score:1)
Re:My SITE HAS BEEN HIJACKED (Score:2)
Re:Fake URLS Suck! (Score:5, Funny)
It's an apache configuration page!
I'M BEING HACKED!
AAAAAAaaaaahhhhhh......
I'd better call the FBI!
Re:Fake URLS Suck! (Score:3, Funny)
you:..... AHHHHHHHHHH
Tech Support: You go right ahead and call the FBI and Police, I'll be sure to let them know about everything, right after I shoot off our transcribed converation to your local news agency.
you: (what you say, next will make an interesting conversation)
Re:Fake URLS Suck! (Score:3, Funny)
Re:Fake URLS Suck! (Score:2)
Re:Fake URLS Suck! (Score:2)
Re:Fake URLS Suck! (Score:1, Funny)
Re:Fake URLS Suck! (Score:3, Funny)
Better DDOS the bugger before it hurts anyone else.
Re:Fake URLS Suck! (Score:3, Funny)
Re:Fake URLS Suck! (Score:2)
u idiot u gave me ur ip addr. now im going 2 hax0r ur punk 455. let me jus run my haxing skrypt...
* nmb3000 (slkc-dsl-gw14-874.slkc.qwest.net) Quit (Ping timeout#)
.
How ironic, the full article has drive by links (Score:2, Interesting)
Newsworthy? (Score:3, Interesting)
Re:Newsworthy? (Score:4, Informative)
Re:Newsworthy? (Score:4, Interesting)
I can name plenty of URL's that install drive-by spyware on MSIE (astalavista.box.sk, serials.ws). Go ahead and give me even one solitary URL that installs drive-by spyware through firefox. Just one! I promise I will visit it with firefox, and let you know the results.
Re:Newsworthy? (Score:1)
Re:Newsworthy? (Score:1, Troll)
I really must comend you amazing non-gulibility, and I will be sure to only use Microsoft products from this point on.
Thanks you kind sir. (Idiot!)
Re:Newsworthy? (Score:2)
Is Firefox perfect? Of course not. Is it possible to get a site that will infect Firefox? Probably. Does that make it logical to run to IE for safety? No more than it makes sense to move from the wooded rural countryside to an LA war-zone because you're afraid of a tree falling on your head.
At the current moment, IE has 33 advisories to Firefox's 2. 34 vulnerabilities to FF's 3. And IE averages 449 days to fix a vulnerability, compared to an average of 83 for Firefox.
(Source: http://www. [webdevout.net]
Re:Newsworthy? (Score:1)
What harm in bundling the browser? (Score:5, Insightful)
Apparently, if you bundle a half-ass product where only lip service was paid to security, the cost is greater than anyone realizes. IE was crammed in there with the sole purpose of crushing Netscape and dominating the Internet market. It was rushed, with slipshod quality and security only as an afterthough -- and that only by the PR department.
"Where do you want to go today?" seems to have found an answer...
-Charles
Re:What harm in bundling the browser? (Score:3, Insightful)
Maybe we're thinking of different versions of IE, but while I agree with your comments on security, I can't agree with that statement.
I remember IE 3; it was no match for Netscape 3 in terms of features or stability. Compared to Netscape 4 it was laughable; Navigator shat all over it from a great height.
Then IE 4 came out, and everything changed.
IE 4 was far more stable, faster and had more features. As an example, when resizing the window, Netscape had to rerequest the p
eWeak (Score:1)
April 11??? (Score:3, Insightful)
Hackers Thank God for Microsoft Marketing Policy.
The policy may be designed to make life easier on sysadmins (or, at least, their managers), but it also makes life easier on hackers. I mean, if I had a zero day exploit, I'd start using it on patch day. That way I'd probably have a full month to exploit it before Microsoft released their scheduled patch.
Scheduled monthly patches are fine for non-critical issues, but when you have zero-day drive-by exploits like this, you've got to have a policy that puts user security ahead of marketing hype. Waiting until you have a full-fledged epidemic is not the way to secure your user's future.
Which links? (Score:2)
http://www.google.com/search?q=+Yuan+hits+new+high +against+dollar&sourceid=mozilla-search&start=0&st art=0&ie=utf-8&oe=utf-8 [google.com]
That is, I googled some phrase from the article, in an attempt to get it.
Don't look at that unless you have the hotfix or mozilla, I guess.
I don't get it. (Score:1)
Re:I don't get it. (Score:2)
Re:Firefox, anyone? (Score:3)
You tell a support tech you're using anything other than IE and he'll throw his hands up an
ObPython (Score:2)
3rd Party Security Patch to Fix this Problem (Score:1)
You download and install the patch from here:
http://www.mozilla.com/firefox/ [mozilla.com]
No Love? (Score:1)