A serious new Internet attack is underway, affecting Internet Explorer 6 and 7, and Outlook 2002 and later, on Windows XP SP2. If you simply view a Web site or HTML e-mail that's been laced with a poisoned animated cursor file (.ani), an attacker can take over your computer. IE7 under Vista, Firefox and Outlook 2007 are not currently affected.
This is a zero-day attack, meaning there's no patch available as of yet. McAfee and iDefense have reported finding live attacks in the wild, and Andreas Marx of AV Test wrote to tell me there are somewhere around 25,000 Web sites that currently contain this attack or did in the past, according to a Google search for telltale signs within the poisoned sites.
Perhaps most alarming, Microsoft doesn't list any temporary fix or workaround for IE in their security advisory. Usually, with drive-by-download risks like these, you can temporarily turn off all JavaScript, for instance, or change something in the registry. This time, Microsoft only says to read all e-mail in plain text rather than HTML, and lists no help for IE.
For Vista, Microsoft says in their advisory that IE 7's protected mode will defend against this attack in the new OS. The company also says that Outlook 2007 isn't affected because it uses Word to display e-mail by default. However, iDefense's Ken Dunham wrote that "trivial modification to existing exploit code makes it possible to attack Windows 2000 and all service packs of Windows XP, and Vista."
Also, Ryan Naraine writes in his Zero-Day blog that the company that reported the flaw to Microsoft four months ago says the flaw affects Vista, and that an attack could theoretically hit Firefox as well.
Until there is a fix or at least a temporary workaround, I'd strongly recommend using an alternate browser such as Firefox or Opera, and turning off HTML e-mail viewing in Outlook. As mentioned, the attack could reportedly hit Firefox, but I haven't yet seen any reports of Mozilla's browser being targeted.
There's an unrelated but also dangerous attack going around in e-mail form. If you receive anything with a subject line of "Internet Explorer 7 Downloads," it's likely an attack.
For more on the .ANI threat:
PC World Zero-day feature
Microsoft Technet Blog entry
McAfee Blog entry
Arbor Networks Bulletin
Sounds like MS wants us all to be safe with VISTA. HA HA HA. No such word with MS
So much for Vista.....
It's pitiful.....All Linux has to do is stay the same and it keeps looking better all the time.