New Internet Explorer exploit
Posted in Geekery on June 29th, 2004

The SANS Internet Storm Center reports that a new Browser Helper Object has been seen in the wild that, if installed, will monitor and capture login and password information before it is encrypted by SSL and deliver this information elsewhere for collection.
A “Browser Helper Object” is a DLL that allows developers to customize and control Internet Explorer. When IE 4.x and higher starts, it reads the registry to locate installed BHOs and then loads them into the memory space for IE. Created BHOs then have access to all the events and properties of that browsing session. This particular BHO watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.
When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to [web address deleted] and feeds the captured data to the script found at that location.
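Because IE finds BHOs through the registry, that same list can be audited. The following is an added example, not from the SANS report or the original post: it parses `reg export` text, resolves each registered BHO CLSID to its DLL, and flags entries for review. The registry paths are the standard BHO and COM class locations (the post does not name them); the sample export, CLSIDs, DLL paths and the `EXPECTED_DIRS` allowlist are constructed assumptions.

```python
import re

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
# Assumption: directories this site treats as expected homes for BHO DLLs.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

# Constructed sample in `reg export` text form (CLSIDs and paths are made up).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33333333-3333-3333-3333-333333333333}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleToolbar\\toolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Documents and Settings\\user\\Local Settings\\Temp\\helper.dll"
'''

def parse_default_values(text):
    """Map each key path (upper-cased) to its default (@) value, or None."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].upper()
            keys.setdefault(current, None)
        elif current and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg files escape backslashes and quotes with a backslash.
            keys[current] = re.sub(r"\\(.)", r"\1", m.group(1))
    return keys

def audit_bhos(text):
    """Return (clsid, dll_path, status) for every registered BHO."""
    keys = parse_default_values(text)
    prefix = BHO_KEY.upper() + "\\"
    report = []
    for key in keys:
        if not key.startswith(prefix) or "\\" in key[len(prefix):]:
            continue  # not a direct child of the BHO key
        clsid = key[len(prefix):]
        dll = keys.get(f"{CLSID_KEY.upper()}\\{clsid}\\INPROCSERVER32")
        if dll is None:
            status = "unresolved"          # registered, but no DLL in the export
        elif dll.lower().startswith(EXPECTED_DIRS):
            status = "expected-location"
        else:
            status = "review"              # DLL loads from an unexpected path
        report.append((clsid, dll, status))
    return report
```

A location check is only a first filter; anything marked `review` or `unresolved` still needs its DLL examined.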
Folks, I’ve spent the last week and a half doing non-specific telephone computer support, and fully 80% of my calls have been virus or malware issues. I cannot stress how important it is to NOT use Internet Explorer due to the security issues and ease-of-compromise inherent in that product.
I highly recommend The Mozilla Foundation’s offerings, both the full suite and Firefox. If you feel that free software just can’t meet your needs and you absolutely must pay for something to get any value out of it, then go buy a copy of Opera. The differences between the two products are small enough you won’t really notice, and both are fully standards-compliant and secure.
I’ll get off my soapbox now.