Tuesday, March 22, 2005

Computer Security: Internet Explorer

This just in by way of Auntie Spam and it's a doozy insomuchas all Windows Computers and AOL for Windows are using Internet Explorer:

New Internet Explorer Attack by “Integrated Search Technologies” Works Even if IE is Closed!

A new type of attack on Internet Explorer has been discovered this week,
and this attack works even if IE is closed! The way that it works is that a user visits an infected site, is given a pop-up window asking them to install an applet from Integrated Search Technologies, and if they agree, the applet downloads and installs a ton of spyware, which in turn opens up Internet Explorer and starts doing its thing.

According to Christopher Boyd of VitalSecurity.org, the attack works regardless of whether Internet Explorer is open or closed, and regardless of IE’s security settings.

Now, there are reasons to hope that this attack won’t gain much traction, not the least of which is that the user is first prompted to install the applet, and one would hope that most users won’t do so. The installation prompt message even says that security certificate for the applet was issued by a company that is not trusted, and that the Integrated Search Technologies certificate has expired or is otherwise not valid.

Still, it is aimed at end users, who are by and large a trusting bunch, and who are occasionally known to click first and ask questions later. Plus, the Integrated Search Technologies attack applet has been showing up on sites which seem the height of innocence, including a Neil Diamond site.

The bottom line? If an Integrated Search Technologies applet comes a’knocking at your door, don’t answer.


PS - I know I often deliver fake news here with a straight face, so be advised, this is not a hoax. It is also why I left the text unchanged and in it's entirety, so you can check the original for yourself via the link up top.

No comments: