Internet Explorer Hacked

[cycloneye]

Here is an update from Microsoft about this situation.It looks like they are trying to fix it rapidly:

Microsoft said it plans to ship a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.

http://news.yahoo.com/s/ap/20081216/ap_ ... r_security

[Dionne]

I have a bunch of contacts bookmarked in IE. I want to send them to Mozilla Firefox. Is this going to be a hands on deal for each addy or is there one swift motion? I don't want any IE virus tagging along into Mozilla. I currently have a problem in IE but not Mozilla. Please respond. All the discussion I have read earlier gave good info and I appreciate it.

http://support.mozilla.com/en-US/kb/For ... orer+Users

Note that you can always import your Internet Explorer settings again in the future by clicking on the File menu and selecting Import....

It will not work on your posted link. The icon is present but does not respond.

[Category 5]

Ever since I switched to Firefox I cannot fathom why people use explorer.

[RL3AO]

Ever since I switched to Firefox I cannot fathom why people use explorer.

Neither can I.

[angelwing]

Neither one of my jobs will use Firefox, they both have IE and it totally sux, sigh

[CajunMama]

I've never had any problem with IE so there was no reason to change to anything else. I wasn't going to change just because everyone else was doing it and it was the thing to do. So please remember that because you use something other than IE doesn't mean that the person using IE is any less than you (that's the feeling i get from some of these posts).

[southerngale]

Ever since I was first introduced to Firefox (several years ago, when it was still pretty new), I've used it. It's so much better than I.E.

[southerngale]

I've never had any problem with IE so there was no reason to change to anything else. I wasn't going to change just because everyone else was doing it and it was the thing to do. So please remember that because you use something other than IE doesn't mean that the person using IE is any less than you (that's the feeling i get from some of these posts).

I don't think anyone changed because everyone else was doing it and it was the thing to do. I think most people, including me, changed because we wanted a better, safer browser than I.E. Unless a thread like this pops up, most of us don't even know what anyone else uses.

[lurkey]

Firefox update 3.0.5 available for download.

Mozilla has released a small update to Firefox in the form of Firefox 3.0.5. The update includes security and stability fixes, support for more languages, and smashes a whole handful of bugs. If you haven't updated already, click Help -> Check for Updates to get the update ball rolling.

I left IE and eventually Netscape, because of the features the new browser offered. I went from Netscape to Firefox, because of tabbed browsing... IE and Netscape loved to crash when more than browser window was open. Also, because of the opportunity to block popup ads and ads in general, actually, that like to take over CPU usage. . .

[P.K.]

People are still using IE???

I've been using FF for almost 3 years now.

[Dionne]

There is a way to adapt. Use IE for only the risk sites you visit. Use Mozilla for your known sites with a record of trust. I go back and forth frequently. Mozilla has not let me down......IE has twice.

If your IE and have not been hacked......there are several reasons. You have not visited risk websites. You prolly don't surf that much and you have never purchased online.

Ever wonder about those funny sounds your puter makes in the early morning hours? What causes those?

Is that the boogie man?

[breeze]

LOL, Dionne, I was wondering about that myself! Sometimes, in the night, when my screen
is dark and "sleeping", it will suddenly "wake up" and the desktop light fills the room!

Ooooooh...that's gotta be the Boogie Man trying to check his e-mail or something!

[Aslkahuna]

Fortunately, my computer is in the far side of the house from my bedroom so the updates don't wake me up.

[mf_dolphin]

While Firefox is definitely lighter and faster it's far from immune from hacks either. The more popular it's become the more hackers are targeting it with their attacks. In fact it suffers from many of the exact same types of flaws as IE. Tonight patches were released for both the 2.x and 3.x versions of Firefox.

[coriolis]

Best way to protect a computer is to keep teenagers off of it.

[lurkey]

One thing that is great about Firefox vs. IE, is the customibilty and the control over the browser you have. Using extensions, you can block some of the malware and adware that you can't avoid with IE. For example, NoScript, lets you decide whether not a script (Javascript) will run on a webpage by webpage basis. Adblock blocks popads (and ads in general) that may contain malware and cookies.

[bvigal]

One thing that is great about Firefox vs. IE, is the customibilty and the control over the browser you have. Using extensions, you can block some of the malware and adware that you can't avoid with IE. For example, NoScript, lets you decide whether not a script (Javascript) will run on a webpage by webpage basis. Adblock blocks popads (and ads in general) that may contain malware and cookies.

I do the same thing with IE 6 by using Trusted Sites and blocking cookies. Basically, no site is going to run java or activex scripts on my computer, write ANYTHING to my computer (even a cookie), unless I add them to my trusted sites.

The problem with this particular vulnerability is, it's utilized by then visiting hacked sites which subsequently contain code to exploit the vulnerability. According to the trade articles, for some reason there is great concern that hacking will progress into mainline sites that users consider "safe". Suddenly my "trusted" sites might not be really 'trusted'! If they hack into something on NOAA, I'm a dead duck! (all "trusted sites" *.noaa.gov)

While Firefox is definitely lighter and faster it's far from immune from hacks either. The more popular it's become the more hackers are targeting it with their attacks. In fact it suffers from many of the exact same types of flaws as IE. Tonight patches were released for both the 2.x and 3.x versions of Firefox.

VERY GOOD POINT, thanks!

I'm IE 7 with the service pack. I noticed probs just before we left on vacation. I made some calls seeking tech help and ended up speaking with a gentleman at the Secret Service......which really blew my mind. The hacker is overseas. I was advised to change everything.......all online accounts.....all c/c's I use online......even my checking that I transfer funds through online.

Dionne, I'm sorry to hear of your problems. I went to sleep after reading this last night, and worked today, and I'm still thinking about what you said - just can't get it out of my mind. 2 burning questions:
1. How did you end up talking to Secret Service for technical help?
2. When you mention "the hacker" are you referring to this "zero-day IE vulnerability", or something else? The reason I ask, I've been digging into this and understand the weakness in IE, but have yet to hear HOW that weakness is being used. In other words, to download trojans, do mass mailing, steal identities, etc. I heard one blub about a keylogger trojan.

Here is a theoretical question for all the gurus out there: To do any of those nasty things mentioned, a criminal would not want you to know they have compromised your computer. So what purpose would be gained by crashing the internet browser, alerting the user to a problem, and virtually forcing them to immediately pursue a solution?

Ponder this: Is perhaps the true risk then taken during user's common tasks to find a solution, like running virus scan? I spend a large percentage of my work time on viruses, trojans, adware, etc. and I'm still scratching my head about this one. There may be more to this story yet!

[Stephanie]

Here is a theoretical question for all the gurus out there: To do any of those nasty things mentioned, a criminal would not want you to know they have compromised your computer. So what purpose would be gained by crashing the internet browser, alerting the user to a problem, and virtually forcing them to immediately pursue a solution?

I'm going to say that the issue is time. The hackers probably know that they would crash the browser, but it will still take time for the fix to be in place. Therefore, it buys them the time needed to get as much personal information from infected computers as possible.

[lurkey]

One thing that is great about Firefox vs. IE, is the customibilty and the control over the browser you have. Using extensions, you can block some of the malware and adware that you can't avoid with IE. For example, NoScript, lets you decide whether not a script (Javascript) will run on a webpage by webpage basis. Adblock blocks popads (and ads in general) that may contain malware and cookies.

I do the same thing with IE 6 by using Trusted Sites and blocking cookies. Basically, no site is going to run java or activex scripts on my computer, write ANYTHING to my computer (even a cookie), unless I add them to my trusted sites. [/quote}

about the extentions. . .the buttons are on the browser itself. No need to go into the menu options to changes things. I have NoScript on as default. If I come to a trusted site, I turn it off . . do what I need to . . then turn it back.

[bvigal]

OK, back to the topic (vs what browser to use, people for various reasons important to them, will continue with what they currently use).

Received email this morning from McAfee. (Don't know why they waited so long.)

Microsoft has released a patch to address a critical remote-code-execution vulnerability in Microsoft Internet Explorer. The MS08-078 bulletin (Microsoft Internet Pointer Reference Memory Corruption Vulnerability) addresses the vulnerability for Microsoft Internet Explorer versions 5.01, 6, 7, and 8 Beta 2 running on Windows 2000 SP4, XP SP3, Server 2003 SP1, Vista SP1 and certain Server 2008 configurations.

Main threat sources: E-Mail; Locally logged-on user; Web
Threat level: Critical.

Solutions: On December 17, Microsoft released a patch to address this issue.

General risks consist of:

Access and potential theft of personal data
Personal pass code access and theft

In addition to the IE patch from MS, keeping security software updated and running scans often, I suggest downloading and using (several times daily), a program called ATF Cleaner. It allows you to wipe out all temp, prefetch, recent, history, cache files, cookies with a click. This reduces risk of malware processes waiting to install/run, it will greatly improve speed on some computers. Run it before your virus scan to reduce # of files to scan. For maximum benefit and safe use, ALWAYS close all running programs including browser before running! Find at http://www.atribune.org/
(Vista users be sure and read the note.)