Radsoft

Grandma Alert: Internet Explorer

They spread things. They're contagious. They harm you. They feed on Microsoft products.



As reported 20 September by Brian Krebs, Microsoft Corporation of Redmond, Washington, makers of the Internet Explorer World Wide Web browser, have announced a 'fix' for yet another flaw in their product. This means of course that anyone still using Internet Explorer ('IE') to browse the web needs to take this fix post-haste, as the bandits lurking everywhere online are ready to pounce at any time.

So put down that Minesweeper application for a few minutes and read this. You'll be glad you did.

'Zero-Day Flaw'

The flaw in IE is a so-called 'zero-day flaw'. (Youngsters like Brian often write '0-day' instead.) A 'zero-day flaw' is a flaw almost nobody knows about. It's so new that not even a single day (or 24-hour period) went by between its discovery and its being used for nefarious purposes. So it's really really dangerous.

['Zero-day' also implies that the company whose programs are being attacked (Microsoft in this case) still have no clue what's going on and can't really fix it properly.]

The flaw is found in all modern versions of Internet Explorer: versions 7, 8, and 9. (Microsoft regularly have lots of flaws in their products, so get used to it. You chose Windows, nobody else.)

But there is a fix for now. And it's found here.

http://support.microsoft.com/kb/2744842

You might want to skip to the section 'fix it for me' or you might want to get someone to help you. These 'fixes' on Microsoft platforms are never easy.

And don't believe what you hear from Microsoft about this flaw not being serious. Brian Krebs states:

'The company keeps downplaying the threat, stating there have been an extremely limited number of attacks. Nevertheless, as I noted in previous stories this week, a reliable exploit for this vulnerability has already been rolled into free, easy-to-use attack tools, so IE users should not delay in applying this fix-it tool.'

Trust Brian. He also states that applying this fix will not interfere with other more customary 'fixes' from Microsoft.

One Day Later

And a mere day later, Microsoft issued another bulletin. Brian reports on it here. But now the number of flaws has gone up from one to five - in a single day!

http://krebsonsecurity.com/2012/09/microsoft-fixes-zero-day-four-other-flaws-in-ie

Information on the fixes can be found here.

https://technet.microsoft.com/en-us/security/bulletin/ms12-063

And that page really isn't easy to navigate, so ask someone to help you. Or else wait for Windows Update or Automatic Update. And hope for the best.

They're Dangerous Alright!

Many supposed computer experts downplayed the serious nature of these latest IE flaws. Brian Krebs scolds them.

http://krebsonsecurity.com/2012/10/in-a-zero-day-world-its-active-attacks-that-matter

What the argument of those other supposed 'computer experts' all boils down to might be that other web browsers have flaws too so why worry? Read Brian's piece and you'll see why. Internet Explorer might be used primarily by the 'older generation' today, but they're a significant number. And as Brian points out in yet another article at the link below, merely harbouring viruses and such on your computer can harm a lot of people - including you.

http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited



As the article points out - and this might scare the poopie out of you - a 'hacked' computer such as yours will in effect harbour a parasite (just like a real virus) but this parasite can do a lot more things than just give you the sniffles. It can:

  • Organise the further spreading of the disease (phishing sites, malware download sites, warez/piracy sites, sites with child pornography, so-called 'spam sites') or attacks on other people's computers through email and webmail
  • Infect online gaming sites, characters, currencies - even the licence to run your own copy of Microsoft Windows!
  • Infect people's accounts at Twitter, Facebook, LinkedIn, Google+
  • Act as a 'spam zombie', sending out millions of junk mail messages without you ever detecting it
  • Turn your Windows computer into a part of a 'DDoS' attack such as those that have recently hit any number of high profile websites
  • Recruit your computer into 'click fraud' schemes where it appears (although you never see it) that you've clicked on a lot of online advertisements, so somebody will get paid for generating all those clicks
  • Use your Windows PC to solve so-called 'CAPTCHA' riddles which are otherwise used to defeat nefarious programs like this
  • Steal online credentials to eBay, PayPal, gaming sites, upload links so other websites can be broken into, credentials for Skype and VoIP accounts, assorted security certificates
  • Steal bank data (perhaps yours) such as bank account numbers and personal information, credit card data including PINs, stock trading account data for those of you with places in Miami, mutual fund/401k account data (which hopefully you all have)
  • Run kidnapping operations - holding other people's computers hostage: this doesn't mean they break in and steal the computers, only that they disable them remotely (and yes they can do this yes they can) and put in fake antivirus alerts so you send them money for nonexistent or worthless products you don't need, hijack your webmail accounts and force you to pay money to get them back again, or even kidnap webcam images (you do have a webcam, don't you?)

And all this because you didn't take the Internet Explorer patch in time.

See Also
Krebs on Security: The Scrap Value of a Hacked PC, Revisited
Krebs on Security: Microsoft Issues Stopgap Fix for IE 0-Day Flaw
Krebs on Security: Microsoft Fixes Zero-Day, Four Other Flaws in IE
Krebs on Security: In a Zero-Day World, It's Active Attacks that Matter

Copyright © Radsoft. All rights reserved.