Explorer Exiled

There is a 0day exploit currently exploiting a critical flaw in Microsoft’s Internet Explorer.

If this is the first you’re hearing of this flaw, check out the link below to hear Defintel’s CEO, Chris Davis explain the situation:

CTV News – Exploiting Explorer

Researchers estimate that more than 10,000 sites are compromised. While in-the-wild exploits are currently targeting IE 7 on Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista (including SP1) and Windows Server 2008, it’s important to remember that all versions of Internet Explorer, from IE5 all the way to IE8 Beta 2, are affected.
If a user visits a compromised site, malicious JavaScript code is injected into the browser, and Malware is downloaded onto the user’s computer. The Malware that gets installed on the user’s computer will likely remain nearly invisible to the average user. The goal of the attacker is not to disrupt a user’s online experience, but rather to remain inconspicuous for as long as possible. The Malware allows the attacker complete access to user’s computer and allows him to track everything you type into your keyboard.

Visit your legitimate online banking site and enter your user information? Now he’s got it.
Visit your favourite social networking site and chat with some friends? Now he’s got that too.

Microsoft intends to release a critical patch today, the second patch coming on Exploit Wednesday instead of Patch Tuesday in as many months. Back in October, Microsoft was forced to release an out-of-band patch to mitigate the extremely critical flaw in several Windows OS’.

In the meantime, users should use other browsers – FireFox, Chrome, Safari – whatever you like! Just not IE.

The general public is completely ill-equipped to deal with security events. Who knows how long it will be before the AV companies have signatures developed for this new exploit. And Microsoft surely isn’t losing any market share over yet another security debacle.

Why do we still treat online security as though the Internet only encompasses six guys at Berkeley? Everyone is online, from 5 year old girls to 95 year old men – they can’t all be expected to keep up to date with these vulnerabilities and exploits.

So, how do we help them?

The Enemy Within

Two weeks ago, users of AVG’s virus scanner awoke to a nasty surprise: their supposed security software had been updated to identify the file named user32.dll as malicious. Those people most keen to protect their computer systems followed the instructions as directed and deleted the file – only to find that they were now stuck in an endless cycle of reboots.

User32.dll is a core Windows file; and not, as identified by AVG, a Trojan Horse named PSW.Banker4.APSA or Generic9TBN. This is not the first time AVG has struggled with misidentifying Malware, nor is it the first time an Anti Virus company has recommended users remove core Windows files.

In December of last year, Anti Virus company Kaspersky Labs decided that a Virus existed within Windows Explorer, the graphical user interface for Windows itself. Thankfully, Kaspersky managed to catch the error before the damage was too widespread; though, I imagine the employees at the UK enterprise that was affected would tell a different story.

Even Microsoft is guilty of such casual coding. In 2007, Microsoft’s OneCare, an Anti Virus product, when used with Internet Explorer 7, was flagging Google’s Gmail as a Virus. Even Microsoft’s own product weren’t safe, with OneCare regularly quarantining or deleting all of the email in a user’s inbox.

AV companies tout their wares as the silver bullet for personal protection. You know this isn’t true. I know this isn’t true. So, why doesn’t everybody else?

It was bad enough that the generic, non-technical computer user didn’t know that his Anti Virus software is only protecting him from a small percentage of modern threats. Now we also have to let them in on the secret that their “protection” might sometimes do more harm than good.