Warning: Internet Explorer exploit

[Thorarin]

I've run into an apparently newfound exploit in Internet Explorer (Quakenet chatters will probably have seen it), that allows scripts from websites to be executed with full privileges. The original was fairly harmless, though it did try to send it's URL through IRC to other people..

However, it doesn't take a rocket scientist to make a harmful version of this. Within an hour one could rig a DAoC fansite to fetch a player's login and game password if DAoC is running, without necessarily being noticeable.

Therefore I'd just like to warn people to be careful which sites you are visiting while playing DAoC, at least until this serious exploit is fixed. Alternatively, download Opera (personal favorite as alternative to IE) or some other browser until Microsoft provides a patch for this.


Of course, this problem applies to other things besides DAoC, but certain sites are visited frequently during gameplay. I'm sure most of them are respectable, but you never know.

 

[chimaira]

f*cking korean potal potal baba me whirl hackers =(

 

[BlitheringIdiot]

Could we make this sticky please? It has potential to be pretty bloody serious.

 

[Mishy]

Alternatively, download Opera (personal favorite as alternative to IE) or some other browser until Microsoft provides a patch for this.

or Mozilla

 

[BlitheringIdiot]

Never! Downloading Mozilla is admiting to yourself that you are a geek.

 

[Mishy]

pfft, teh pop-up blocker pwnz.

 

[-Lonewolf-]

using mozilla now I quite like it

 

[dukat_lionheart]

Originally posted by Thorarin
I've run into an apparently newfound exploit in Internet Explorer (Quakenet chatters will probably have seen it), that allows scripts from websites to be executed with full privileges.

my old freind from college used to talk about this, if somone from a .gov ISP went on to a website with a nasty script on, it has the potentail to down half the worlds computers.

pretty nasty. just make sure u know what websites you are browsing, stick to ones that lots of ppl use. its the only way i know of to stop yourself from getting hacked :S

 

[Thorarin]

Originally posted by Mishy
pfft, teh pop-up blocker pwnz.

Hmm, which popup blocker are you using, because I doubt most of them block this. It doesn't open any popups using conventional methods.

 

[BlitheringIdiot]

Originally posted by Thorarin
Hmm, which popup blocker are you using, because I doubt most of them block this. It doesn't open any popups using conventional methods.

I think he means that Mozilla has an inbuilt option to block all pop-ups, we IE users have to download an independant bit of software for that. I dont think he thinks that this pop-up blocker will in anyway protect him from viruses though.

 

[Mishy]

Aye, Moz has it built in.... don't quite understand what thats got to do with stopping virus's though?

 

[Jiggs]

well its been good in a way, cos i started using mozilla and it dam nice

 

[Thorarin]

Here's a link to a disabled version of the exploit as found on Quakenet:

It doesn't do any browser version check, but it only works on IE:
http://intranet.subbot.net/exploit/exploit.html

It will place the original worm executable, present a dialog box, and then delete it, instead of executing. Useful to check if your IE has been patched properly yet in the future

 

[Coim-]

Originally posted by Jiggs
well its been good in a way, cos i started using mozilla and it dam nice

Same here.

 

[[PS]Venom]

I just installed it too

One thing that irritates me so far is that I used to use the middle mouse button to rapidly scroll up and down - click it once then mouse up/down moves the page - and Mozilla doesn't do that (As far as I can see)

Apart from that it feels a like smoother...

 

[Coim-]

Originally posted by [PS]Venom
I just installed it too

One thing that irritates me so far is that I used to use the middle mouse button to rapidly scroll up and down - click it once then mouse up/down moves the page - and Mozilla doesn't do that (As far as I can see)

Apart from that it feels a like smoother...

Pfft. Page up/down is your friend (for uber fast scrolling).

 

[old.Ramas]

Alternatively, download Opera (personal favorite as alternative to IE) or some other browser until Microsoft provides a patch for this.

And then, when MS does provide a patch, ignore it and carry on using the much better browser you have downloaded in the meantime.

 

[Thorarin]

Originally posted by old.Ramas
And then, when MS does provide a patch, ignore it and carry on using the much better browser you have downloaded in the meantime.

For some reason I keep using Internet Explorer for most browsing, even though I have Opera installed. I use the latter mostly when I need a popup blocker

 

[hercules-df]

a windows exploit? NEVER!

 

[Jonaldo]

Originally posted by Thorarin
Here's a link to a disabled version of the exploit as found on Quakenet:

It doesn't do any browser version check, but it only works on IE:
http://intranet.subbot.net/exploit/exploit.html

It will place the original worm executable, present a dialog box, and then delete it, instead of executing. Useful to check if your IE has been patched properly yet in the future

Not sure what it was supposed to do but it just popped up my norton antivirus and when I let it go it nothing really happened

Running full virus scan now and will check for all Windows updates as I've gotten all paranoid.

 

[old.Ramas]

Originally posted by Thorarin
For some reason I keep using Internet Explorer for most browsing, even though I have Opera installed. I use the latter mostly when I need a popup blocker

If you really must, download the google toolbar, it has a popup blocker on it.

 

[Thorarin]

Originally posted by old.Ramas
If you really must, download the google toolbar, it has a popup blocker on it.

More toolbars? Ewwww

 

[old.Ramas]

Originally posted by Thorarin
More toolbars? Ewwww

Doesn't have to be visible or anything - you just install it and set the options.

Though if you're turning your nose up at extra toolbars - but NOT at IE, then you clearly have issues .

 

[Flimgoblin]

Originally posted by [PS]Venom
I just installed it too

One thing that irritates me so far is that I used to use the middle mouse button to rapidly scroll up and down - click it once then mouse up/down moves the page - and Mozilla doesn't do that (As far as I can see)

Apart from that it feels a like smoother...

opera's got that feature so maybe try that one

 

[Flimgoblin]

Originally posted by Thorarin
For some reason I keep using Internet Explorer for most browsing, even though I have Opera installed. I use the latter mostly when I need a popup blocker

mouse gestures for teh win

(but not when drunk - annoying when you open 10 new windows instead of closing one )

 

[old.windforce]

pfff

1 exploit?

check this

http://www.pivx.com/larholm/unpatched/

 

[Thorarin]

Small update:

The "October 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 (KB828750)" patch that came available today (or should I say yesterday) solves this problem.

 

[cHodAX]

I was hit by the Qhost trojan variant of this last night, I run two firewalls and fully updated virus checker and it still got through. Internet Explorer granted it full access even though I had downloaded the previous pataches that supposedly fixed the problem. Luckily my anti-virus software program picked the trojan up in the middle of running it's script. It made numerous changes to my registry including DNS setting, the hosts file was changed and all the major search engines were pointed towards a bogus i.p. address. With my limited knowlege of tcpip I managed to partly figure out what was changed, that enabled me to get to a search engine and figure out what the hell had happened.

Two hours later my machine was back to normal, it required numerous changes to registry keys and a full hueristic scan with a virus checker. For anyone without a background in computing or years of experience this trojan is a disaster, thousands of people have re-installed operating systems because they have not been able to figure out what was wrong.

EVERYONE using a version of Internet Explorer needs to download this cumlative patch TODAY. If you don't and variants with a more lethal payload get into the wild you will stand to lose much more than the 2-3 hours that I did.

 

[Ekydus]

More information & Sticky please.

 

[cHodAX]

This bug also affects the Microsoft Outlook client. Valve belive this hole was used to install a peice of remote client software (via an email) that was then used to steal the Half Life 2 source code. Yep thats right, the ENTIRE source code, the bug can be used to download and run almost any peice of software. This is a serious bug, any webpage can be coded to contain this script which exploits the bug. I was infected by visting a website that was supposed to be a fansite for a band that I like.