“Hackers sent a chill across the Web last week when they engineered a way to take over Microsoft-designed Web servers [IIS] to spread a virus onto Windows PCs. The virus was planted on Windows computers when they visited Web sites that had been attacked. Macintosh computers were not affected…,” Al Fasoldt reports for The Syracuse Post-Standard.
“The breach in IIS security is considered extremely grave, considering the way hackers forced the IIS systems to become virus servers. Basically, when a Windows PC running Internet Explorer asked for a page from one of the hacked Web sites, it got both the page and the Scob Trojan at the same time. There was no outward sign that anything was amiss. Internet experts pointed out that the infected Web sites were all standard sites – all ‘trusted sites,’ in the words of one of the security experts,” Fasoldt reports. “… [The Scob Trojan works by] logging keystrokes on the infected Windows computer with the aim of collecting passwords and financial data.”
“This much was known as of midweek: Only Windows computers are affected… if they use Internet Explorer… There is no fix for the problem as of yet… The version of Internet Explorer used on Macintosh computers is safe. Apple Computer’s own browser, Safari, is also safe. Apple’s Macintoshes do not work the way Windows computers do, and viruses aren’t able to get the same kind of foothold on Macs… Web servers other than IIS were not vulnerable to this attack,” Fasoldt reports.
Full article here.
Well, well…. Here we go again. Can we skip all the double talk and lame excuses and get right down to it?
WINDOWS IS A PLAGUE ON SOCIETY!!!!!
(first post…yeah, I’m that guy)
Oh my, this old, old, OLD news, MDN. I know this was a holiday weekend, but this story hit early last week and there have been lots and lots of subsequent stories about how CERT has recommended that users move away from M$IE and use Firefox or Mozilla until IE has been “fixed”. Pretty slow on the uptake, guys. I mean, even As the Apple Turns ( http://www.appleturns.com ) was able to get in a good jab or two before hitting the long weekend. What happened?
so why did u click it?
must be nice to be perfect and never take a break. i guess u will stop paying for MDN now.
:p
BuriedCaesar, the article they’re linking to and quoting was just published on Sunday, July 4th in the Syracuse Post Standard. They already posted stories about this issue last week. But this is still a major story, and until it’s resolved by Microsoft (or all the IE users in the world switch over to Mozilla Firefox or Netscape, which is realistically UNLIKELY) it will continue to be a serious issue. MDN will continue to follow it as it is mentioned and reported on the various news sites. Even the Dept. of Homeland Security is recommending that users of IE switch, too.
I keep trying to get my family members and close friends to use firefox or switch to Mac. This weekend I had to sit through the pain of applying patches to my Grandmothers *gasp* Win ME computer, 16 critical, and 8 recommended patches. Most were for Outlook and IE. This all on a dial up connection. Reminded me of trying to patch my old IBM aptiva with 95 on it. God why did it take so long for me to see the light? Anyway taught the grandmother to use firefox, she seems to like the tabs feature, but she will still have to use IE for her MS internet Bridge game. Whatever works for her. Adaware caught 136 malwares on it. I just dont understand how people continue to apologize for and look to MS for answers.
I hate IE, tried not to use it for the Mac, and I loved seeing Safari released.
This browser is the best I have used. Although, I haven’t used many at all, Safari does all I can think of nice and quick.
This is old news. Jawn…
Its funny even Paul Thurrot is saying to install Firefox over IE.
“The breach in IIS security is considered extremely grave…”. It appears that there is now a level above “critical”. I suppose there are still descriptive words on higher levels of importance, like “grim”, “gruesome”, “catastrophic”, and “cataclysmic”.
Kidding aside, I recall that this attack made its appearance back on 6/24 – over one week ago. Since this issue appears to be so important, I am wondering why Microsoft hasn’t yet released yet another patch to fix it. Not too long ago, my son was telling me that one of his IT instructors (a Microsoft “yes” man) told his class that if you haven’t patched [a wintel-based computer] within the past week, you’re way behind and in serious trouble.
For political reasons, Microsoft went to monthly patch release cycles. I guess that being forced to release patches every week was getting REALLY humiliating. With this latest scourge, it looks like Microsoft will have to forgo the monthly patch release and get this one out right away – that is assuming they actually have an idea on how to fix this one.
Double yawn. Last April there was 958 new windows virus. They should say it every time that now there is over 86 thousand viruses for windows that would give people the right perspective every time. Mac magzs could say like windows 86453 vs Mac 0.
Every time when I talk with people who defends windows I simply remind them about this fact. If they continue I drop another bomp and remind that there is over 28000 piece of spyware etc..
After that they are so ready to switch.
…Of course I finalize that with showing iTunes/iPhoto/iMovie/iDVD/GarageBand etc.
100% of my friends and relatives who have bought a new computer with in 12 months have bought a Mac.. 80% of them used PC before.
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
100% of their friends who bought a new computer within 12 months have bought a Mac… 100% of them used PC before.
I have noticed that convincing people to buy a Mac is relatively easy. Just scare them to near death with the viruses and spyware (run norton) and then show your own Mac with iLife. They do not know what hit them
thurrott must be proud of his ‘obscurity’ stance…
as the mac market dwindles, the viruses or security alerts dwindle…
actually, i had a thought on Mac market share…
well if Apple thinks macs can last longer than dells, maybe it could put its money where its mouth is…
how about a decreasing lease on macs?!
sounds retarded and complicated? it is…
Dells.. you can get a new one for $400 every year..
so what if Macs costed $400 for the first year, then $300 for the next year, then $200, then $100…?
you would ‘rent’ the comp…
how much does your mac cost for one year.. dells cost $400/yr + virus software
I can beat a Dell, Walmart has a PC for $200.
And both are pieces of shit, along with the OS installed on them.
PC Magazine says turnover rate for Dells is a mere 2 years on average.
Mac’s are 4 years on average.
So a $800 bare bones Dell is $400 a year.
A $800 eMac is $200 a year and no virus software needed. LOL
Windows users are fools, caught in the “cheaper now” but higher turnover trap. Like buying cheap furniture that breaks in under a year over and over again.
No wonder Mac users are rated as smarter than PC users.
mike
how much the computer costs is not the issue. 100% of my friends and relatives and their friends have understood that little more frees them from huge headache and it is worth every cent. Now when they have bought their first or second Mac there is no going back because they now have their life back with iLife.
Besides Dell costs more than Mac after entry level. eMac costs just little more than entry level Dell.
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
PS BTW. dells cost $400/yr + virus software. ie they get over 950 new viruses for free every month! That is a bargain.
Trash dumps are filled with Packard Bells and Dells — the so-called installed base of Windows.
What I’d like to know are the names of some of the “hacked”, “trusted” websites that are running IIS and have become virus servers? I know they don’t want their names publicized, but I think the public has the right to know who infected Grandma’s Winblows PeeCee.
It seems Microsoft had patches for this but didn’t release them:
“A major Windows XP upgrade, known as a service pack, is due out this summer and would plugs some holes in IE. Last week’s outbreak would not have occurred had those software plugs been installed, said Gary Schare, a Microsoft security director.”
http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=22103619
One Guy from Finland
My new email signature:
Microsoft Windows…
� over 86,000 viruses
� over 28,000 pieces of spyware
…and climbing.
Even Slate (MS publication) recommended Firefox over IE. Disbanding the IE team and halting the IE development are the stupidest thing MS has done in a long time. When you know that your app is left behind and is full of security holes, you really should not stop develoing it even when it makes no money for you. Problems like this only make people think Microsoft is synonym with swiss cheese security. They may ignore it once or twice, but eventually even the die hard MS fanboys are forced to acknowledge the problem.