Patch MS08-078

Microsoft released the patch MS08-078 to resolve this issue. If you have the Windows Update option turned on, you should get it automatically; if not, you have to install it manually.

Update December 18, 2008

Stealing passwords through the Internet Explorer browser

For people who don’t know: if you are using IE, it is recommended to use another browser until the problem is resolved by Microsoft.

A few days ago it was discovered that attackers had found a serious security flaw, affecting IE5 through IE8 Beta 2 but IE7 in particular, that can be used to steal personal data. The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords.

Trend Micro said that about 10,000 websites are compromised and that, so far, the exploit is stealing game passwords, but criminals can adapt it to steal more important information; it is just a question of modifying the payload the trojan installs.

Until a patch is available, Microsoft advised users to be vigilant when surfing the internet; in the meantime they suggested setting all security zone settings to “High” and offered a workaround on the page “Microsoft Security Advisory (961051)”.

The SANS Internet Storm Center reported that hackers broke into legitimate websites and uploaded code that could install data-stealing software on the machine of anyone visiting the site with IE.

Experts recommended that people switch from IE to another browser such as Firefox, Chrome or Opera until a fix is found but, as you can guess, Microsoft said the contrary. In their opinion, it is not worth switching for just this one flaw, and this exploit seems to affect 0.02% of internet sites.

But it seems that the Microsoft workaround doesn’t work properly. For example, they recommend enabling “data execution prevention” in the “Advanced” tab of Internet Options; this option can be activated only if you are logged in as administrator. Setting all security zones to “High” will prevent some websites from loading properly in IE because it disables active scripting.

Moreover, they say to unregister the system file “oledb32.dll” to mitigate this flaw by running the command below at a command prompt (type “cmd” in the Run field).

regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"

On some machines, the error message “action could not be performed” can appear!
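Because the unregister step can fail, it helps to confirm what actually took effect. The following PowerShell is an added example, not part of the original post or of Microsoft's advisory; it reads the per-user Internet zone settings and looks for COM classes still served by oledb32.dll. The function names are hypothetical, and treating leftover InprocServer32 entries as "still registered" is an assumption.

```powershell
# Added example: audit the workaround settings discussed in this post.
# Per-user settings only; machine-wide policy under HKLM is not inspected.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

function Get-InternetZoneState {
    # Zone 3 is the Internet zone. CurrentLevel 0x12000 is the "High" template;
    # action 1400 is Active scripting (0 = enabled, 1 = prompt, 3 = disabled).
    $zone = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue
    $level = $null
    $scripting = $null
    if ($zone) {
        $level = $zone.CurrentLevel
        $scripting = $zone.'1400'
    }
    New-Object PSObject -Property @{
        ZoneIsHigh         = ($level -eq 0x12000)
        ActiveScriptingOff = ($scripting -eq 3)
    }
}

function Get-OleDb32Registration {
    # regsvr32 /u removes the COM class entries served by the DLL. Any CLSID
    # whose InprocServer32 default value still names oledb32.dll means the
    # unregister step did not complete (assumption: this is the only trace).
    $root = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $key = "$($_.PSPath)\InprocServer32"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($dll -like '*\oledb32.dll') {
            New-Object PSObject -Property @{ Clsid = $_.PSChildName; Dll = $dll }
        }
    }
}

$state    = Get-InternetZoneState
$leftover = @(Get-OleDb32Registration)

"Internet zone set to High : {0}" -f $state.ZoneIsHigh
"Active scripting disabled : {0}" -f $state.ActiveScriptingOff
"oledb32.dll COM classes   : {0}" -f $leftover.Count
if ($leftover.Count -gt 0) {
    # A non-zero count after running regsvr32 /u means the workaround is not in place.
    $leftover | Format-Table Clsid, Dll -AutoSize
}
```

On 64-bit Windows, run it from both the 64-bit and the 32-bit PowerShell, since each sees its own view of the COM registrations.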

The Spamhaus Project reinforced Trend Micro's message, saying that it won’t be long before someone reverse engineers this exploit for more fraudulent purposes and that Trend Micro's advice to switch to an alternative web browser is very sensible.

One last thing: don’t rely on your antivirus program because, according to virustotal.com, only 4 out of the 32 programs detect the malware as malicious or suspicious.

December 17, 2008

 
