Friday, June 25, 2004
Today's big problem -- what you need to know
A security geek's nightmare came true today.
Bad guys have been taking over other people's websites and defacing them with graffiti. Bad guys have been running web sites that infect people who visit with poorly written web browsers. I've been scared for years that someone would put the two together and write something that takes over web sites to install poison on them instead of just defacing them.
Now it's happening. A new piece of malicious software is taking over some high-profile web sites that run Microsoft's web server software, and installing junk on the web page that infects visitors who run Microsoft Internet Explorer (on Windows. The Mac version is unaffected). This time being street-smart won't help you. You get no warning and no choices, the junk installs silently.
As of this morning antivirus vendors were only beginning to catch up.
Folks, it's time to give up on Internet Explorer. It's easy to download and install a more capable browser that's more secure and free. IE is only safe if you're running a prerelease of XP Service Pack 2 or if you turn off Javascript (which keeps a lot of web sites from displaying right). There is no IE patch from Microsoft yet.
If you're running IE just stay off the Internet for now. Nobody's publishing a list of the infected web sites so you don't know where to stay away from.
P.S. Microsoft explains how to tell whether you're already infected. Sooner or later your antivirus vendor will release something to clean out the infection. Be careful in the meantime, 'cause rumor has it the infection records everything you type (like, say, passwords).
|
Bad guys have been taking over other people's websites and defacing them with graffiti. Bad guys have been running web sites that infect people who visit with poorly written web browsers. I've been scared for years that someone would put the two together and write something that takes over web sites to install poison on them instead of just defacing them.
Now it's happening. A new piece of malicious software is taking over some high-profile web sites that run Microsoft's web server software, and installing junk on the web page that infects visitors who run Microsoft Internet Explorer (on Windows. The Mac version is unaffected). This time being street-smart won't help you. You get no warning and no choices, the junk installs silently.
As of this morning antivirus vendors were only beginning to catch up.
Folks, it's time to give up on Internet Explorer. It's easy to download and install a more capable browser that's more secure and free. IE is only safe if you're running a prerelease of XP Service Pack 2 or if you turn off Javascript (which keeps a lot of web sites from displaying right). There is no IE patch from Microsoft yet.
If you're running IE just stay off the Internet for now. Nobody's publishing a list of the infected web sites so you don't know where to stay away from.
P.S. Microsoft explains how to tell whether you're already infected. Sooner or later your antivirus vendor will release something to clean out the infection. Be careful in the meantime, 'cause rumor has it the infection records everything you type (like, say, passwords).
# posted by Frederick @ 11:06 AM Email to a friend:
Haloscan: they provide trackback