Friday, July 02, 2004

Using virus-prone IE ‘like playing the lottery’

New York — It's been a bad week for many users of Microsoft Corp.'s nearly ubiquitous Internet Explorer browser.

A pair of virus attacks exploiting its vulnerabilities has led security experts to recommend that Web surfers consider such alternatives as Mozilla and Opera.

Continuing to use Internet Explorer is “like playing the lottery,” said Johannes Ullrich, chief technology officer of the non-profit SANS Internet Security Centre.

The respected research centre is among security groups recommending other browsers as long as a key vulnerability in IE remains unfixed, leaving it capable of running malicious code that's been hidden at a number of popular Web sites.

Switching browsers may cause problems, but less so than following Microsoft's temporary prescription of cranking up security settings, which may cripple the ability to access multimedia content or fill out Web forms, Mr. Ullrich said.

Last week, a computer virus designed to steal valuable information as Web users typed it into their computers — passwords and the like — spread through a new technique that converted popular Web sites into virus transmitters.

And this week, researchers discovered another password-stealing program hidden behind pop-up ads.

Microsoft was still working to fix a lingering vulnerability from last week's virus, and while a repair for the flaw enabling this week's Trojan infection was issued in April, many users had yet to patch their systems.

IE is a frequent target for hacking because of its popularity; WebSideStory Inc. says 95 per cent of surfers use it globally. The browser is closely integrated with Microsoft's Windows operating system and Outlook e-mail program, creating more room for programming error and making solutions more difficult.

Though many of IE's functions are not unique, IE tends to be more permissive in running code — flexibility that helps Web developers create fancy features but allows hackers to more easily find weaknesses.

A major Windows XP upgrade, known as a service pack, is due out this summer and would plug some holes in IE. Last week's outbreak would not have occurred had those software plugs been installed, said Gary Schare, a Microsoft security director.

Microsoft also is developing a specific fix for the new vulnerability, but Mr. Schare said testing takes time. He called it premature for independent security experts to recommend that people explore alternatives.

Even if those recommendations were heeded, it's highly unlikely Microsoft could be unseated as top dog in the browser business. After all, IE comes with Windows computers. The Justice Department, after initially suing to force Microsoft to uncouple the browser from its operating systems, later backed down.

Many users don't care enough or know how to find other browsers, most of which are free or ad-supported. Opera Software ASA, which offers the No. 3 browser for Windows, saw no significant change in downloads this week.

“It's not that consumers are so loyal to Microsoft, but more they are apathetic,” said Geoff Johnston, an analyst with WebSideStory, which tracks browser usage. “With it, there really is a cost to switching.”

Users who install alternatives will find that some Web sites simply won't work. Movielink LLC says its on-line movies need technology specific to IE, and America Online Inc. shuns its own Mozilla-based Netscape browsers for new conferencing tools.

Browser-integrated toolbars from search leader Google Inc. and others are only available for Internet Explorer.

Many sites work on alternatives but display items incorrectly, often because developers fail to test on them.

“All they know is it looks good to them ... on their own browser, and their own browser is most probably Internet Explorer,” said Jakob Nielsen, a Web design expert with Nielsen Norman Group.

Ken Godskind, vice-president of marketing at the Internet monitoring firm AlertSite, uses the Mozilla browser partly because of security concerns, but he accepts having to run IE now and then.

“Rarely are you going to go someplace where you're going to avoid Microsoft technology,” he said.

But sites have gotten better about designing for other browsers, said Porter Glendinning, an Internet consultant who promotes adherence to Web standards. Until recently, he said, banking applications rarely worked on anything else.

And leading Web application developers, including Opera, Apple Computer Inc. and Macromedia Inc., are collaborating on better plug-in technology to rival Microsoft's.

Opera's Christen Krogh said users would get the same functionality no matter their browser.

Tuesday, June 29, 2004

Pop-up program reads keystrokes, steals passwords

Security researchers have discovered a malicious program that installs itself through a pop-up ad and can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites.

The targeted sites include major financial institutions, such as Citibank, Barclays Bank and Deutsche Bank, researcher Marcus Sachs said Tuesday.

"If (the program) recognizes that you are on one of those sites, it does keystroke logging," said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. "The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web."

Sachs said the Trojan horse was first discovered on the computer of "an employee at a major dot-com." The victim apparently picked up the program from a malicious pop-up ad that used a flaw in Internet Explorer's helper server to install itself on the user's PC. In this case, because of the computer's security settings, the installation failed. Microsoft said IE users should raise the security settings to high until the company issues a patch.

Researchers at the Internet Storm Center studied the Trojan horse file, called "img1big.gif," which was provided by the dot-com. Working through the weekend, the security experts reverse-engineered the program and discovered that it targeted a long list of banks and attempted to steal the account information of those institutions' customers.

The program points to a recent trend in computer viruses and remote-access Trojan horse, or RAT, programs: Attackers are increasingly after money. In April, security experts warned that 'bot networks'--large networks of zombified home PCs--are a greater threat than high-profile worms such as Sasser and MSBlast, because they could be used to steal financial information or to send untraceable spam.

"In the past, the most common way to collect financial information was through fraud like the Nigerian e-mail scam," said Oliver Friedrichs, senior manager in antivirus company Symantec's security response center. Friedrichs said that in the past few months, Symantec analysts have studied threats similar to the current Trojan horse.

Because it carries a .gif file extension, the Trojan horse appears to be a graphic in a compressed format commonly found on the Internet. In reality, it's two programs: a browser helper file that surreptitiously captures usernames and passwords; and a "file dropper" that installs the keystroke logger on the victim's computer.

The first file attempts to run itself by using an old Internet Explorer flaw, and the second file uses a feature of most major browsers, known as helper files, to intercept data, Sachs said.

"Before data goes through your browser, it can be processed by a helper file," he said. "What makes this one really clever is that (it takes) advantage of the ability in all browsers to use helper files and defeat the encryption."
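As an added defensive check, not part of the article: assuming the "helper file" described above is registered through Internet Explorer's Browser Helper Object (BHO) mechanism, this PowerShell script inventories every registered BHO with its DLL path and Authenticode signature status, so an unfamiliar or unsigned helper stands out during a review of a suspect machine.

```powershell
# Added example (not from the article): list Internet Explorer Browser Helper
# Objects (BHOs), the registration mechanism assumed here for the "helper file"
# the article describes, and report each DLL's path and Authenticode status.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# A BHO's CLSID resolves to its DLL under one of these CLSID hives (32-bit entries
# on 64-bit Windows live under WOW6432Node).
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
)

function Get-BhoInventory {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName          # each subkey name is the BHO's CLSID
            $name = $null; $dll = $null
            foreach ($root in $clsidRoots) {
                $inproc = "$root\$clsid\InprocServer32"
                if (Test-Path $inproc) {
                    $name = (Get-ItemProperty -Path "$root\$clsid").'(default)'
                    # Paths may contain %SystemRoot%-style variables; expand before use
                    $dll  = [Environment]::ExpandEnvironmentVariables(
                                (Get-ItemProperty -Path $inproc).'(default)')
                    break
                }
            }
            $status = 'DLL not found'
            if ($dll -and (Test-Path $dll)) {
                # Unsigned or tampered helper DLLs are the first ones to examine
                $status = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                CLSID      = $clsid
                Name       = $name
                Path       = $dll
                Signature  = $status
                Suspicious = ($status -ne 'Valid')
            }
        }
    }
}

Get-BhoInventory | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A valid signature only tells you the publisher is known, so compare the listed DLLs against a baseline from a clean machine as well.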

Once the Trojan horse captures financial information, it encrypts the data by using a program hosted on an Internet server and sends the data back to the attackers, who appear to be in South America, Sachs said.

Security experts have stressed the vulnerability of Microsoft's Internet Explorer recently, following public warnings of vulnerabilities in the browser that could enable attackers to install malicious programs. Those flaws have not yet been fixed by Microsoft.

An attack that had used a vulnerability to turn some Web sites into points of digital infection was nipped in the bud Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised Web sites are still attempting to infect Web surfers' PCs by referring them to the server in Russia, but that computer can no longer be reached.

While the latest program is installed on Windows computers using a known vulnerability, the helper file hack exploits a feature, not a flaw, and could work with most major browsers, Sachs said.

"Sometimes, there's not much difference between a feature and a flaw,"