Security holes in Microsoft's Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills, computer experts cautioned on Friday. Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, which could prove an even more dangerous exploit, said Drew Copley, a research engineer at Aliso Viejo, California-based eEye Digital Security, who discovered the original security vulnerability. Such stealth programs can include keystroke loggers that record everything a person types or software to erase the hard drive, among other things, he said.
Microsoft has released a patch for the original hole, which was reported about a month ago, said Stephen Toulouse, security program manager for Microsoft's Security Response Center. The company is looking into what it says are variations of the original hole that have been discovered since then that the patch does not fix, Toulouse said. "We will release a fix for the variations," he said. Security experts are reporting the variations as new security holes, disclosed within the past three weeks and used for different types of attacks, Copley said. Microsoft and eEye Digital Security said they have issued information for temporary workarounds. In general, the attacks are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging, Copley said.
News source: Reuters
If you already accepted this SMB.exe file, here's how to remove it manually:
- Go to Task Manager (Ctrl+Alt+Del) and select the Process tab.
- Click admagic.exe then click End Process
- Go to the C: drive and delete smb.exe and admagic.exe.
- Go to Windows directory and delete atl.dll, raw32x.dll, sm.dll and uz.exe.
- Go to the registry (Start > Run > type "regedit" > click OK) and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Delete the svchost = admagic.exe string value.

Last edited by 33779 on 28 Sep 2003 - 20:51
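A read-only check for the artifacts named in the removal steps above, as an added example that is not part of the original article or thread. It assumes "the Windows directory" means the top level of %WINDIR%; the function name Find-AdmagicArtifacts is hypothetical.

```powershell
# Reports the artifacts from the removal steps; nothing is deleted or changed.
# Assumption: "Windows directory" means the top level of %WINDIR%. System32 is
# deliberately not searched, because atl.dll is also the name of a genuine
# Windows component that lives there.
function Find-AdmagicArtifacts {
    param(
        [string]$SystemDrive = $env:SystemDrive,
        [string]$WindowsDir  = $env:windir
    )
    $findings = @()

    # Is the process the steps tell you to end still running?
    $proc = Get-Process -Name 'admagic' -ErrorAction SilentlyContinue
    if ($proc) {
        $findings += [pscustomobject]@{ Kind = 'Process'; Item = 'admagic.exe'
                                        Detail = "PID $($proc.Id -join ',')" }
    }

    # Files in the root of the system drive and in the Windows directory.
    $candidates = @(
        'smb.exe', 'admagic.exe' | ForEach-Object { Join-Path "$SystemDrive\" $_ }
        'atl.dll', 'raw32x.dll', 'sm.dll', 'uz.exe' | ForEach-Object { Join-Path $WindowsDir $_ }
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $f = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            $findings += [pscustomobject]@{ Kind = 'File'; Item = $path
                                            Detail = "$($f.Length) bytes, modified $($f.LastWriteTime)" }
        }
    }

    # The Run value named "svchost" that starts admagic.exe at logon.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['svchost']) {
        $value  = [string]$run.svchost
        $detail = if ($value -match 'admagic\.exe') { "matches the steps: $value" }
                  else { "same value name, different target: $value" }
        $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = "$runKey\svchost"; Detail = $detail }
    }
    return $findings
}

Find-AdmagicArtifacts | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found at those locations; any row is worth reviewing before deleting anything by hand.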
Not for long.
Last edited by 10354 on 28 Sep 2003 - 07:03
Obviously, human error is why we have holes. Wake up.
Since IE is an unremovable part of all current Microsoft OSes, don't you think that Geer's paper was right on base?
And what's your point about IE being integrated into Windows?
And why do people upgrade OSes? Because of the promise of fewer bugs.
There are fewer bugs. What the hell are you complaining about?
And the bug does not get exploited if you're not using IE. This would be a simple realization achieved by reading the article: "In general, the attacks are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging."
So the bug still exists, but you don't use IE, so it doesn't even get exploited. What is your problem?
Last edited by 820 on 28 Sep 2003 - 16:40
Thanks for finally admitting that we should use other browsers.
Actually, I'm wondering why you're trolling the crap out of this page bitching about an exploit that doesn't even affect you.
And Opera is the best browser IMO!
I know who did the AIM... but if you use 5.2.3281 and before that, you will be fine and not have to worry. For latest AIM and such, you should, not sure about 5.5 beta, but, it takes your password out of the registry, if you store it or not, I guess, something new AIM is doing, 'cause it doesn't appear to be in 5.2.3281 or before... just a little comment I thought I'd give.
Be careful about the links you click and who is sending you to it...