IE Phishing Exploit Patched - Exploit finally patched after scam explosion

IE Phishing Exploit Patched
Exploit finally patched after scam explosion
(old news - 04:20PM Monday Feb 02 2004)
tags: security

The increase in the number of scammers taking advantage of the IE phishing exploit has led Microsoft to release an update before the "once-monthly" scheduled February 10th patch party. The patch (see MS security bulletin) tackles the phishing vulnerability on top of several other exploits. Discussion on what the patch fixes (and how well it works) can be found in both our Security and Microsoft forums.

After Microsoft failed to even acknowledge the exploit for much of January, it became popular with scammers who began shifting their gaze from Paypal and ISP customers to customers of banks and other financial institutions like FDIC. As we mentioned last week, part of Microsoft's solution was to eliminate IE's ability to recognize user name and password authentication in HTTP or HTTPS URLs. The update fails to address a related exploit discovered last week by a Danish security firm that allows sites to falsify the extension of a downloadable file.

37% Of Malware Originates In U.S.

Using PS3's To Forge Site Certificates

PA Man Charged With Selling Hacked Cable Modems

Wednesday Evening Links

New Botnet Targets Routers, Dumb People

FoxNews.com Serving Up Infected Ads?

Uh, Mom? The Air Force Just Attacked Our PC

T-Mobile Systems Hacked?

Forums » IE Phishing Exploit Patched


	view: topics flat text	Post a:

tonekilla Pipe Dreams Premium join:2003-07-26 Gunnison, MS clubs: 1 edit	finally. took about 4 months too long. edit - 1st post
	permalink · 2004-02-02 15:22:32 ·

Rally1 join:2000-06-12 Irvine, CA ·AT&T U-Verse	Re: finally. And it is part of the "Windows Update, Critical". Not critical enough to fix it a long time ago I guess. It did succeed in turning me onto Firebird, so that's a plus "newly discovered vulnerabilities in Internet Explorer"
	permalink · 2004-02-02 15:28:02 ·

Omega Displaced Ohioan Premium join:2002-07-30 Cheyenne, WY clubs: ·Verizon Wireless B.. ·Comcast ·AT&T Midwest	said by tonekilla : took about 4 months too long. You got that right. They should have fixed this within a few weeks after discovering it. -- "The doctor's X-Rayed my head and found nothing" My site
	permalink · 2004-02-02 15:37:42 ·

ThunderCorp join:2002-03-11 Chula Vista, CA	I guess it doesn't matter for me. I use Mozilla Firebird on Windows and Safari on the Mac. Besides, with Firebird on Windows, I rarely need to run Adaware like I used to with IE.
	permalink · 2004-02-02 16:03:30 ·

Lee GWB Yaco Premium join:2001-10-13 Allendale, NJ	IE?? Whats that.. Go with Mozilla..Firebird..MUCh much better..:) Lee -- I don't feel Tardy
	permalink · 2004-02-02 18:35:58 ·

cpm0813 join:2002-03-29 Ramsey, NJ	Got it Just got it off Windows Update.
	permalink · 2004-02-02 15:26:00 ·

tonekilla Pipe Dreams Premium join:2003-07-26 Gunnison, MS clubs:	Re: Got it yeah, I got it too... the server is a little slow right now, guess its because of the rush of ppl downloading this patch. . atleast we know there are alot of security-minded pc users these days as well as the n00bs with no firewill or av.
	permalink · 2004-02-02 15:27:12 ·

johnsea Cool Down Premium join:2003-01-26 Canada	Re: Got it yeah, I got it too... the server is a little slow right now, guess its because of the rush of ppl downloading this patch. . HAHA, its a windows server, waht do you expect?
	permalink · 2004-02-02 16:23:14 ·

Jeremy341 Bye Premium join:2000-01-06 localhost	Re: Got it said by johnsea : HAHA, its a windows server, waht do you expect? Yeah, because bandwidth is OS dependent.
	permalink · 2004-02-02 16:37:13 ·

pH1 Rawr join:2001-12-31 Canada	Re: Got it said by Jeremy341 : said by johnsea : HAHA, its a windows server, waht do you expect? Yeah, because bandwidth is OS dependent. The speed a server is able to send data is not just dependant on available bandwidth. I think he was trying to say windows will fall over under any minor load.
	permalink · 2004-02-02 16:39:31 · Print ·

johnsea Cool Down Premium join:2003-01-26 Canada ·Aliant Communicati..	Re: Got it said by pH1 : said by Jeremy341 : said by johnsea : HAHA, its a windows server, waht do you expect? Yeah, because bandwidth is OS dependent. The speed a server is able to send data is not just dependant on available bandwidth. I think he was trying to say windows will fall over under any minor load. Exactly Rawr, that is what I meant
	permalink · 2004-02-02 16:40:35 · Print ·

Jeremy341 Bye Premium join:2000-01-06 localhost	said by pH1 : I think he was trying to say windows will fall over under any minor load. Well even if that's what he was trying to say, it's still wrong.
	permalink · 2004-02-02 16:52:03 ·

johnsea
Cool Down
Premium
join:2003-01-26
Canada

·Aliant Communicati..

2 edits

Re: Got it

Sure, you can think that. Linux servers are more realiable. Try FreeBSD, that is even better!

I mean, who wants a server that you have to restart every 42 or 45 days. That is when they crumble.

Linux servers can go on for years. Love to see when a Windows server that could do that.

Oh sure, Windows is easier to use, but can you sacrafice that for throughput ((speed)) and realiability?

I'll go my way and you go the highway. I bet lots of people can back me up.

C ya, got to leave fro school, before I claw my face off.

permalink · 2004-02-03 05:56:09 · Print ·

Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX

·AT&T U-Verse

·RoadRunner Cable

·AT&T Yahoo

If you think Windows Update is slow now, wait until
Mydoom.B carries out its threatened DDoS attack on
Microsoft. That is supposed to happen tomorrow. As for
the error messages others were reporting with this patch,
I got none of them. It helps that this is a newly built
PC I'm on now with a clean install of Windows XP SP1a
from the OEM CD I bought with the hardware.
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors.

permalink · 2004-02-02 20:53:17 · Print ·

coloredeyes join:2004-01-31 Red Lion, PA	Yeah I got it all right! Rebooted and loaded windows and I got the infamous message.."Windows has just recovered from a serious error" Strange how things happen right after an update. Give me linux and all my windows compatible graphic programs and software to run on linux and I would never deal with MS again. CE
	permalink · 2004-02-02 20:47:52 ·

Affliction @bc.ca	Ugh... I just wish they hadn't set up that idiodic "once-a-month" thing. If people are too lazy to check for patches themselves every now and again, then they deserve to have their comp crippled.
	permalink · 2004-02-02 15:33:35 ·

k6az

join:2003-09-13
Powhatan, VA

Re: Ugh...

That is not why they did the once a month thing. They did it because of the bad publicity they were getting by releasing a critical patch every couple of days. Releasing a rollup patch once a month allows them to act like there aren't numerous security flaws in Windows. In the meantime, those of us who were updating frequently are just left hanging for weeks at a time because Microsoft wants to save face.

permalink · 2004-02-02 15:40:29 ·

Dustyn Premium join:2003-02-26 Ontario, CAN 1 edit	Re: Ugh... Just installed it. BETTER LATE THAN NEVER YOU GUYS!! It's also supposed to fix the scrolling issue.... EDIT: But then I have never encountered that issue? -- YOU SHOULD LEARN HOW TO SAY NO!! - Courtney Love
	permalink · 2004-02-02 15:51:31 ·

dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA	Re: Ugh... Is that what happened to 824145? I hated that patch!
	permalink · 2004-02-02 16:06:54 ·

Randy Bell Premium join:2002-02-24 Santa Clara, CA	said by Dustyn : It's also supposed to fix the scrolling issue.... EDIT: But then I have never encountered that issue? Well I sure did: on two different computers! {One running XP Home, another running 98SE} .. if they truly fixed that annoying scrollbar foulup, that's Good News indeed! -- "But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)
	permalink · 2004-02-02 19:57:53 · Print ·

Dustyn Premium join:2003-02-26 Ontario, CAN	Re: Ugh... YUP! I CONFIRMED IT WITH A POST ON TECHNET, THEY FIXED IT ALRIGHT!!!! -- YOU SHOULD LEARN HOW TO SAY NO!! - Courtney Love
	permalink · 2004-02-02 20:30:20 ·

ArchAngel21x
MacFan Pro
Premium
join:2001-10-28
Lincoln, NE

·Internet Nebraska

I Don't Like Their New Plan

Ok, so Microsoft caved in this time and released a patch early. However how often will that happen? How many other people think it is silly to wait for a certain day of the month before releasing patches, no matter how bad it is needed? I think it's stupid.
--
I am the beginning. I am the end. I am forever, and I will continue to exist long after everything, even hope itself, has been destroyed.

permalink · 2004-02-02 16:03:08 ·

applelover Premium join:2002-04-15 Commerce City, CO	Re: I Don't Like Their New Plan Supposedly, if it is a critical flaw, patches should be released immediately. All others will be released on a monthly basis. -- Keep it pithy, if you wish to opine.
	permalink · 2004-02-02 16:45:16 ·

VWSpeedRacer

join:2002-10-06
Essex Junction, VT
clubs:

Here's the beauty of it all though... they set up this once a month thing to make themselves look better... and then caved to release a patch for a problem SO BAD that it you need to do RIGHT NOW!

So instead of people getting an uneasy feeling about patches every few days, they're getting scared because it's so bad it couldn't wait like all the other, "less important" patches could!!!

--
Daniel Gwozdz (VW Speed Racer)The Online Reader's Society --- Water-cooled Volkswagen World

permalink · 2004-02-04 01:10:55 · Print ·

cbrigante2 Cubs 20?? Premium join:2002-11-22 North Aurora, IL	Read the fine print I read the description of the critical update and if you believe that, it doesn't matter if you are using Firebird or not. If IE is on your system, you're at risk.
	permalink · 2004-02-02 16:06:26 ·

Amaethon join:2000-10-22 USA clubs:	Re: Read the fine print www.MOzilla.org
	permalink · 2004-02-02 16:17:38 ·

cbrigante2 Cubs 20?? Premium join:2002-11-22 North Aurora, IL	Again....according to the description, you can have any browser you want installed and think you're covered, but if IE is on your system (even not as default) you are at risk. Again, don't know many details....just reading what the update said.
	permalink · 2004-02-02 16:31:26 ·

Dustyn Premium join:2003-02-26 Ontario, CAN	Re: Read the fine print Thank you cbrigante2!! Your statement is so true. So many people just don't see this... Mozilla/Firebird is not a FIX, it's just covering up a problem that will continue to remain. -- YOU SHOULD LEARN HOW TO SAY NO!! - Courtney Love
	permalink · 2004-02-02 16:53:16 ·

RTFA

@xx.charte

Nope. This is an IE browser-only flaw. If you're using anything else, you're safe. Even if it's still installed since the flaw has to do with the interpretation of the URL by the browser.

If you're using IE, search out a phishing test site and you'll see you're vulnerable...of course unless you cripple your system with their "patch".

This was the final straw for me, a new Mozilla user. And yes, it works better I should have switched ages ago.

permalink · 2004-02-02 21:23:01 ·

RTFA @xx.charte	Re: Read the fine print Adding: ...and you can demonstrate this by opening IE & Mozilla side by side on a phising test page. IE breaks, Moz catches it.
	permalink · 2004-02-02 21:24:52 ·

Dustyn Premium join:2003-02-26 Ontario, CAN 1 edit	Re: Read the fine print mozilla is not the fix.
	permalink · 2004-02-02 23:59:45 ·

hopeflicker Capitalism breeds greed Premium join:2003-04-03 Long Beach, CA 2 edits	Re: Read the fine print When it comes to the phishing thing it is.
	permalink · 2004-02-03 01:31:53 ·

tenken join:2003-10-26 Lexington, VA	Mozilla will never be a fix for an inherent IE problem. Mozilla is a replacement so that you never have to run into the problem again...
	permalink · 2004-02-04 15:47:30 ·

hpguru Curb Your Dogma Premium join:2002-04-12	said by cbrigante2 : If IE is on your system, you're at risk. You really should rephrase that. How about this? "If you have a system, AND you are a friggin idiot, you are at risk." Much better. -- Blue mountains after rainfall - much bluer.
	permalink · 2004-02-02 20:23:30 · Print ·

cbrigante2 Cubs 20?? Premium join:2002-11-22 North Aurora, IL	Re: Read the fine print You guys are pretty funny. I'm just reposting what MS said on the patch itself. I will post the EXACT wording in a few minutes, and yes, EVEN IF YOU USE MOZILLA, you are at a REDUCED RISK. Reduced does not mean NO RISK.
	permalink · 2004-02-03 08:37:07 ·

cbrigante2
Cubs 20??
Premium
join:2002-11-22
North Aurora, IL

Re: Read the fine print

Identified security issues in Internet Explorer could allow an attacker to compromise a Windows-based system. For example, an attacker could run programs on your computer while you view a Web page. This affects all computers with Internet Explorer installed (even if you don’t run Internet Explorer as your Web browser). After you install this item, you may need to restart your computer.

Now from reading what the patch says, anybody with Windows (xp or 2000) is at risk.

permalink · 2004-02-03 08:55:29 ·

Browser Bob @xx.charte	Re: Read the fine print Try opening both browsers side by side on the IE phising test page and you'll see it is the only one affected.
	permalink · 2004-02-03 18:11:56 ·

Wall9 Tell Me, Did You See It Too? Premium join:2002-06-25 Dupo, IL	Fix it don't fix it Fix it faster. Blah blah blah. That's why there's Linux.
	permalink · 2004-02-02 16:42:13 ·

cbrigante2 Cubs 20?? Premium join:2002-11-22 North Aurora, IL	Linux Fixes Again, Linux is not the magic bullet that is virus and hacker proof. The more exploited OS by far is Windows, but it is more used by far as well.
	permalink · 2004-02-02 17:17:52 ·

rchdjellis

join:2001-01-14
Narberth, PA

Geeks Only!

We have all read about this problem for over a month.
As a result we do not trust where we are going, especially when clicking links in E-mail.
WE CAN READ (and understand) Microsoft's problem / fix description.
But how about JOE USER?

Also, note that the "fix" disables a feature that still works (so I'm told by others here) in other browsers. Instead of displaying in a "geek" way the non-printable characters, Microsoft has chosen not to display/use any characters preceding an '@' in a URL (I may be wrong in my interpretation, sorry).

I realize that the typical end user probably wouldn't spot the exploit, even if it were presented to him/her IN BOLD LETTERS but forcing web sites to rewrite their sites to accommodate Microsoft's fix (and thus probably disable the feature in other web browsers) is sheer idiocy!!!

Enough is enough. Let's make fixes that address the problem, not that make JOE USER think that he knows what's going on - he doesn't.

I've been using Mosaic/Netscape/Mozilla/Phoenix/Firebird for everything for years. The only time I use IE is for testing web page compatibility (and believe me there ARE problems).
I have also used Opera, but it doesn't work quite right (especially with a non-visible frame).

MICROSOFT!! PLEASE THINK ABOUT WHAT IS RIGHT vs. THE DUMB USER!

permalink · 2004-02-02 18:15:41 · Print ·

toronto2001 Premium join:2001-08-10 Markham, ON	Re: Geeks Only! I have Win XP Pro No SP1. Does this affect me?
	permalink · 2004-02-02 18:29:08 ·

GercekSeytan Premium join:2001-10-19 RoT	Re: Geeks Only! YES!
	permalink · 2004-02-03 03:40:42 ·

Logwind

join:2003-06-20

"@" unrecognizable?

I heard a few days ago that an impending MS phishing patch would render IE not being able to recognize websites that use the "@" symbol in their URLs. I frequent several websites that use the "@" in the URL when logged in (e-mail is used as a user name).

Can anyone who has installed the patch check and see if IE (I'm running 6.0) will still recognize URLs with the "@" symbol before I go ahead and install it myself?

Many thanks.

permalink · 2004-02-02 18:47:12 ·

detth Onemhz On Aim join:2000-10-06 Astoria, NY	Hold on there How is this considered patched? They disabled the username:pass@site feature.
	permalink · 2004-02-02 18:58:30 ·

See 12 replies to this post

amejr999 Eric Premium join:2001-01-13 Fair Lawn, NJ clubs:	SP2 Is this update necessary/compatible with XP SP2?
	permalink · 2004-02-02 20:10:16 ·

CPM join:2001-08-24 Miami, FL	Re: SP2 well you SP2 is beta. So, I am going to take a guess and say no. That is more reasons to wait until SP2 is no more a beta.
	permalink · 2004-02-02 20:34:15 ·

PunkGod join:2003-02-02	Is it just me? When I update a critcal patch it doesn't remove it off of the windows update list so I have no real way of knowing if it installed the patch or not.
	permalink · 2004-02-02 20:47:49 ·

See 6 replies to this post

your comment..

Forums » IE Phishing Exploit Patched


Sunday, 05-Jul 08:48:17	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9.5 years online! © 1999-2009 dslreports.com.

finally.

Re: finally.