Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole

Started by TehBorken, Sep 22 06 10:07


TehBorken

Go ahead and be stupid: use Microsoft Explorer. If you do, don't say no one warned you. Or you could use FireFox and not have to worry about shit like this. Your choice.
Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole
By Ryan Naraine
September 19, 2006

The newest zero-day flaw in the Microsoft Windows implementation of the Vector Markup Language is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits.

Less than 24 hours after researchers at Sunbelt Software discovered an active malware attack (http://www.eweek.com/article2/0,1895,2017407,00.asp) against fully patched versions of Windows, virus hunters say the Web-based exploits are serving up botnet-building Trojans and installations of ad-serving spyware.

"This is a massive malware run," says Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs. In an interview with eWEEK, Thompson confirmed the drive-by attacks are hosing infected machines with browser tool bars and spyware programs with stealth rootkit capabilities.

The laundry list of malware programs seeded on Russian porn sites also includes a dangerous keystroke logger capable of stealing data from computers and a banker Trojan that specifically hijacks log-in information from financial Web sites.

According to Sunbelt Software researcher Eric Sites, the list of malware programs includes VirtuMonde (http://securityresponse.symantec.com/avcenter/venc/data/adware.virtumonde.html), an ad-serving program that triggers pop-ups from Internet Explorer; Claria.GAIN.CommonElements (http://research.sunbelt-software.com/threatdisplay.aspx?name=Claria.GAIN.CommonElements&threatid=5605), an adware utility; AvenueMedia.InternetOptimizer (http://research.sunbelt-software.com/threatdisplay.aspx?name=AvenueMedia.InternetOptimizer&threatid=4711); and several browser plug-ins and tool bars and variants of the virulent Spybot worm (http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99).

eWEEK has confirmed the flaw—and zero-day attacks—on a fully patched version of Windows XP SP2 running IE 6.0. There are at least three sites hosting the malicious executables, which are being served up on a rotational basis.

In some cases, a visit to the site turns up an error message that reads simply: "Err: this user is already attacked."

The attack is closely linked to the WebAttacker do-it-yourself spyware installation tool kit (http://www.eweek.com/article2/0,1895,1987275,00.asp). On one of the maliciously rigged Web sites, the attack code even goes as far as referencing the way Microsoft identifies its security patches, confirming fears that a well-organized crime ring is behind the attacks.

The URL that's serving up the exploit includes the following: "MS06-XMLNS&SP2," a clear reference to the fact that the flaw is a zero-day that will trigger a quick patch from Microsoft.

A Microsoft spokesman said the company is aware of the public release of detailed exploit code that could be used to exploit this vulnerability. "Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system. Microsoft is aware of limited attacks that attempt to exploit the vulnerability," the spokesman said in a statement sent to eWEEK.

The company plans to ship an IE patch as part of its October batch of updates due Oct. 10. An emergency, out-of-cycle patch could be released if the attacks escalate.

Microsoft has added signature-based detection to its Windows OneCare anti-virus product. A formal security advisory with pre-patch workarounds will be posted within the next 24 hours.
The real trouble with reality is that there's no background music.

mARY

I'm very sorry to hear about the malware attack, because we people care about our computers and it's a real shame when they break down. However, malware, floods, spammers, hackers and viruses are everywhere on the Internet, and without a good protection system such as Kaspersky (http://www.trustdownload.com/Antivirus-and-Spyware-Cleaners/Antivirus/Kaspersky-Internet-Security-7.0.html) we risk a lot.

Mr bump

Kaspersky is fairly good protection, but you have to pay for it.

Comodo offers some pretty good security, and it's free. Don't be fooled into paying for software when there are some very good free ones on the market today.

This site tests many different utilities (http://www.matousec.com/).

Some say it is a good site for software knowledge on what you need and want.

OK, here are a few things some folks I know use...

Those on Shaw tend to use Shaw Secure (http://shawsecure.ca/), based on Kaspersky and F-Secure anti-virus products. It is good but not great anti-virus. F-Secure can give lots of false negatives; it also can miss many rootkits and viruses because Shaw is slow to install the update patches to the software kit they issue.

Shaw's security tools are better than nothing, but honestly I recommend Comodo more. It is better than any of Shaw's security products. Most Shaw users just use the Shaw software alone, and if that is all you use then you are asking for trouble. I find Shaw's security tools to be memory hogs. Shaw's security tools also use a lot of the PC's resources. I really do not recommend Shaw's Internet tools if you are on an older and slower PC (meaning a single-core PC under 3 GHz).

I strongly recommend ESET for anti-virus software (well worth the 20 dollars) and ZoneAlarm as a firewall for those that need cheap or free user-friendly software. They are easy to set up and forget, they use minimal system resources, and they keep you just as safe as the giant name-brand store items.

For those who are more PC comfortable or knowledgeable, I recommend to them all the software called Comodo. I find it to be a brilliant anti-virus and firewall, and let us not forget this important factor: it is free.

Some phreaks I know like to use NOD32, aka ESET (http://www.eset.com/).

Many guys I know swear by Comodo (http://www.comodo.com/); it is reportedly one of the best all-around anti-virus and firewall all-in-one security systems a person can buy... It costs 40 dollars per year (https://accounts.comodo.com/cfp/management/signup?aid=13). There is also an excellent free version for use.

Some super geeks I know love the Kaspersky software suite (http://www.kaspersky.com/af/globalstore?AID=1061137&PID=2999810). I cannot justify the cost, but if you have the money, I do recommend it... 60 dollars per year for home users.

This is one I have recently heard of, Online Armor (http://www.tallemu.com/), but I have not yet tried it. It got some good scores with Matousec.

Some other free and useful programs I recommend are CCleaner (http://www.ccleaner.com/) and Spybot Search and Destroy (http://www.safer-networking.org/en/index.html).

Best to have some of these tools installed than none of them. These tools and software can make the difference between rescuing your hard drive from an infection or losing all your data to it.

Sometimes the only cure is to format. That is a worst-case scenario; hopefully you have some security tools and software installed to keep that from becoming a necessity.
   

Secure

With Kaspersky, you pay for a year and get 3 licenses.  It's not that expensive and worth every penny.

Blue Neener

Whatever you do, don't rely on one program to do it all; you need a tiered system of defense against all the threats.
You also can never check your system enough.

Comodo does alright, but my Microsoft Security Essentials picks up stuff. SUPERAntiSpyware picks up stuff, then I run Malwarebytes' Anti-Malware and it sometimes gets stuff.

WOT (Web of Trust) helps a lot; that way I can check a site out before even entering. If you have Firefox, it's well worth getting.
SpywareBlaster is another good program.
CCleaner to clean the basic garbage out is good.
The last one I use is Spybot - Search & Destroy in advanced mode; you need to use the settings and learn the program for best results.

Any other good ones that need mentioning would be nice.

 

P.C.

It's a good thing I understood all that.    
Sir Isaac Newton invented the swinging door....for the convenience of his cat.

All for one

Yeah Blue, why get one program when 50 will do?  /rolling eyes

Neener

Well when one comes along that does it all, I don't know of any especially free ones.  

Orik

Glary Utilities is also pretty good for keeping your system tuned up and clean of basic junk.


 
Never give up Never surrender Fight with ur last breath Fight 2 live & Fight 2 survive. Never say never & never say die. There comes a time when all will die A time we transcend & attain our place afterlife. My Fight is not yet done, I'm tired & I'd like to go home, But I'm not ready to go just yet.


Neener

 Orik wrote:
Glary utilities is also pretty good for keeping your system tuned up and clean of basic junk

I use that once or twice a week; it has a good bunch of tools also: uninstaller, defrag, and registry defrag.
 
 

Orik

One can also get Windows Utilities Professional from a few sites for free still :)

Click here to download (http://www.softpedia.com/progDownload/WinUtilities-Download-30740.html)

Step 2: Registration
License Name: Softpedia User
License Code: C1H0L9-611A-FC03-6F73-47F1-W6Y1L3




Lots of sites one can grab some great utilities from for free, and these are registered programs for free. But the program giveaways are valid for only 24 hours or less, depending on the program and the site.


Softpedia (http://www.softpedia.com/), Give Away of the Day (http://www.giveawayoftheday.com), Techmynd (http://www.techmynd.com/)
 

Neener

I had that not long ago and it was good also, and a lot like Glary. I hacked something in the registry and it didn't work anymore, so I uninstalled it.
Good program though.
I used the 2009 version.
 

Um .. No

A Microsoft program handling security?  Um, no thanks.

Neener

It's just backing mine up, and it's caught stuff Comodo, AVG, and Avira haven't.