The Register® — Biting the hand that feeds IT


Windows users ambushed by attack on fresh IE flaw

More DirectShow danger


Thousands of websites have been hit by fast-moving exploit code that installs a cocktail of nasty malware on visitors' computers by targeting a previously unknown vulnerability in some versions of Internet Explorer.

The compromised websites link to a series of servers that exploit a zero-day vulnerability in an IE component that processes media. The vulnerability affects those using the XP and 2003 versions of Windows, Microsoft warned in this advisory.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," company security representatives wrote. "When using Internet Explorer, code execution is remote and may not require any user intervention."

More than 1,000 websites have been compromised so they include links that redirect users to sites that exploit the vulnerability, according to this translation of an advisory from CSIS. The warning said Windows 2000 was also vulnerable to the attacks, contrary to Microsoft's write-up, which explicitly said 2000 was not affected.

What isn't in dispute is that IE 7 on Vista is not vulnerable, presumably because ActiveX objects are blocked by default, according to this blog entry from McAfee researchers Haowei Ren and Geok Meng Ong.

The compromised websites are largely located in China and are operated by local schools and community centers. They point to a series of links that ultimately redirect users to a server at 8oy4t.8 866.org, according to CSIS. The site includes a JPG file that exploits a variety of vulnerabilities, "including an unprecedented stack overflow in DirectShow MPEG2TuneRequest," according to CSIS. Secunia rates the vulnerability "extremely critical," the highest rating on its five-tier severity scale.

The other vulnerabilities exploited are known as XMLhttp.d, RealPlay.a, BBar, and MS06-014, according to McAfee.

The new vulnerability in DirectShow is different than a DirectShow security bug Microsoft warned of in late May, a spokesman said.

Today's Microsoft advisory offers a workaround users can take to safeguard against the vulnerability until a patch is released. It involves making changes to the Windows registry, a risky undertaking for those who aren't sure what they're doing. (As has been pointed out in comments to this article, Microsoft's advisory provides a safer and automatic way to do this.) The easier fix is to stop using IE until there's a fix, at least for those who don't use apps that are dependent on the Microsoft browser. ®


Latest Comments

Use Windows...

And don't blame me if you hackers keep finding all those holes in your OS and browser.


Yet Again Someone Has Done Some Homework

And found an exploitable weakness. Today m$ IE (that I detest) but tomorrow something else. The malware writers are in it for the money, and should not be underestimated.

However, if they put their skills to improving things for mankind, I'm sure they could achieve an awesome amount. However climate prediction and script kiddies would be like monkeys and typewriters ..... But the really gifted guys ?

Crying shame really.

I need a pint, just like Inspector Morse ... nice bit of the country in summer BTW.


But...

Firefox makes all websites look so damned ugly. Used it last week when at a different site. Awful experience. Popups every two seconds asking "Did you really want to..." and Gad! That spellchecker!

Week before that it was Mozilla, a browser so clever that when you set the first tab to magnify text by (say) 125%, every tab you open in that same browser window will need to be told to magnify 125% because, gosh, it's not like you might have poor eyesight or be working on a fsking Unix X window lashup with piss-poor resolution adjusting tools and might expect the bloody browser res to inherit, is it?

Stopped using Opera yonks ago due to the way it behaved when it found deprecated tags. Memo to Opera developers: When there are two distinct schools of thought on how to do stuff, it's worth thinking twice before becoming the one and only proponent of option "B".

Speaking as someone who does use IE, it would be nice if the baying hounds would take a leaf from my book and stop yowling for me to use whatever they think is the bees knees. I mean, it isn't that long ago we were witnessing the authors of the two Firefox plug-ins mentioned above slagging each other off in public and writing code at each other in secret. *There's* a technology I'd buy into in a heartbeat (if the alternative were a hot poker in the hurty bits). If you don't want I.E. users accessing your websites, just tell them so and eat the consequences.

I noticed a while back that a certain UK webstore was popping up a little political screed urging a non I.E. browser be installed before I had the privilege of viewing their wares. I did the obvious: bought from somewhere else and wrote to the webmaster saying what I'd done and why. The message is, curiously, not displayed any more upon loading their front page but the website still runs like a dog because of the heavy payload it attempts to force down the pipe in the quest for Teh Awsum. (Research suggests the browsing experience is no better with the Golden Browsers either, for what it's worth).

Yes it's inconvenient that yet another hole has been found in some dimwit active X control. Yes, the problem targets Windows and IE, because those are the majority choice in the marketplace, for whatever reason. No doubt when Firefox has swept all other browsers before it into the mists of oblivion, people will start writing more attack code for it. I look forward to the day when the clear technical advantages and ease of use of the product, coupled with a virtually effortless installation and configuration that my 80 year old parents can manage, make this the browser of choice. Of course, by then everyone will be using Chrome.

I'd say nice things about OS X but, well, it's OS X.

