More Internet Explorer Problems
by Arie Slob
Hello Windows users,
Microsoft's aging browser, Internet Explorer (version 6 was first released in October 2001), continues to show that it needs a complete overhaul.
Last year in November, a Chinese researcher discovered multiple vulnerabilities in Internet Explorer (versions 5.01, 5.5 and 6) that were reported on the Secunia security Web site.
Microsoft has reportedly been working on a comprehensive fix for these issues, but testing is taking a long time. This week Microsoft published a Knowledge Base article under the title "Microsoft plans to release a software update that modifies the default behavior of Internet Explorer for handling user information in HTTP and HTTPS URLs".
This is going to create a number of problems, notably for Web site management software, which frequently uses the http(s)://username:password@server/resource.ext syntax that Microsoft is planning to stop supporting.
The move is a response to the increasing use of this technique by malicious users to open a deceptive (spoofed) Web site. Many of these involve fake AOL, PayPal or banking Web sites, where unsuspecting users are conned into parting with their credit card and personal details.
According to a recent FTC report, 43 percent of all consumer fraud complaints are related to identity theft.
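The following check is an added example, not part of the original newsletter or any Microsoft code: it shows how a mail filter or link scanner can separate the real destination host from the user-information part of a URL and flag links where that part is shaped like a host name. The function name, verdict labels and sample links are assumptions made for illustration; the hosts use reserved example names and addresses.

```javascript
// Added example: classify http(s) links by what sits in front of the "@".
// Hosts and credentials below are constructed (reserved example ranges).
function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { verdict: "unparseable", realHost: null, userinfo: null };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { verdict: "not-http", realHost: url.hostname, userinfo: null };
  }
  if (url.username === "" && url.password === "") {
    return { verdict: "ok", realHost: url.hostname, userinfo: null };
  }
  // The URL API keeps userinfo percent-encoded; decode it for display,
  // falling back to the raw form if the escapes are malformed.
  let user = url.username;
  try { user = decodeURIComponent(user); } catch (e) { /* keep raw */ }
  // Userinfo shaped like a host name (labels plus a TLD) is what makes the
  // link read as a different site than the one actually contacted.
  const looksLikeHost = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i.test(user);
  return {
    verdict: looksLikeHost ? "deceptive-userinfo" : "credentials-in-url",
    realHost: url.hostname,
    userinfo: url.password ? user + ":***" : user, // never echo the password
  };
}

// Constructed sample links: a plain link, a spoofed one, and the
// site-management style of link that carries real credentials.
const SAMPLE_LINKS = [
  "https://www.bank.example/login",
  "http://www.bank.example@198.51.100.7/login",
  "https://admin:s3cret@intranet.example/resource.ext",
];
for (const href of SAMPLE_LINKS) {
  console.log(href, "->", inspectLink(href));
}
```

The third sample is the legitimate use the planned update will break; it is reported separately because credentials embedded in a URL are worth reviewing even when no spoofing is involved.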
Just a day after Microsoft published their announcement that a fix would be forthcoming, security Web site Secunia published another advisory, outlining a vulnerability in Internet Explorer that allows malicious Web sites to "spoof" the file extension of downloadable files. Internet Explorer can be tricked into opening a file with a different application than indicated by the file extension by embedding a CLSID (a long numerical string that relates to a particular COM object) in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.
This latest exploit seems to be far from new, however. Georgi Guninski reported a similar trick almost three years ago, which involved an embedded CLSID to trick you into believing you were opening a text file, when in fact you had opened a .hta (HTML Application - executable) file. Guninski informed Microsoft in April 2001, and the fact that this was never fixed may be an indication it is nearly impossible to fix (without breaking functionality that has been used for years).
New "Mydoom/Novarg" Worm Breaks Record
Well, unless you have been living under a rock this week, I'm sure you have heard about the latest email worm going around the Internet.
The worm is mostly known by the name "Mydoom", but some antivirus firms have called it "Novarg". It started spreading on January 26th. It is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip (the worm also spreads over the Kazaa P2P network).
When a user clicks on the attachment, the worm will start Notepad, filled with random characters, and it will immediately start to spread further. On infected computers, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can allow an attacker to connect and gain access to infected computers afterwards.
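As an added example (not from the original newsletter), the function below scans the text output of `netstat -an` for TCP sockets listening in the 3127 through 3198 range described above. It assumes the usual Windows column layout (Proto, Local Address, Foreign Address, State); the function name and the sample output are constructed for illustration.

```javascript
// Constructed sample of `netstat -an` output; addresses are examples.
const SAMPLE_NETSTAT = `
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.9:25         ESTABLISHED
  TCP    192.168.1.20:3130      198.51.100.4:80        ESTABLISHED
  UDP    0.0.0.0:3127           *:*
`;

// Return the TCP listeners whose local port falls inside [lo, hi].
function findBackdoorListeners(netstatText, lo = 3127, hi = 3198) {
  const hits = [];
  for (const line of netstatText.split(/\r?\n/)) {
    const fields = line.trim().split(/\s+/);
    // Need Proto, Local, Foreign, State; UDP rows have no State column.
    if (fields.length < 4 || fields[0].toUpperCase() !== "TCP") continue;
    const [, local, , state] = fields;
    // Only listeners count: an outbound connection can be assigned a
    // local port in this range by chance, as in the 3130 row above.
    if (state.toUpperCase() !== "LISTENING") continue;
    // lastIndexOf copes with IPv6 forms such as [::]:3127.
    const port = Number(local.slice(local.lastIndexOf(":") + 1));
    if (!Number.isInteger(port) || port < lo || port > hi) continue;
    hits.push({ local, port });
  }
  return hits;
}

console.log(findBackdoorListeners(SAMPLE_NETSTAT));
```

A listener in this range is a reason to scan the machine with up-to-date antivirus software, not proof of infection on its own.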
The worm will perform a Denial of Service (DoS) attack starting on February 1, 2004, from every infected computer against the website www.sco.com, which belongs to SCO, a well known Unix vendor.
Within two days of discovery, Mydoom has already spread more than Sobig.F, which spread massively in August 2003 and until now has held the title of the fastest spreading email worm in history.
One thing that "helped" Mydoom to spread so fast is the fact that, unlike most other recent email worm outbreaks, Mydoom was found in the middle of business hours in the USA and several large corporate networks got infected immediately.
Current estimates show that between 20% and 30% of all email traffic worldwide is generated by this worm. On our server so far this week, 35.7% of all email messages were virus infected (11,750 out of 32,930), and Mydoom accounted for 98% of all infected emails.
For more information, contact your antivirus software vendor. I'll include two links here:
Symantec - F-Secure
Microsoft Security Guides
Microsoft published a number of security guides this week:
Windows XP Security Guide - Securing Windows XP Clients
According to Microsoft, this guide includes settings for Windows XP clients deployed in a Microsoft Windows 2000 or Windows Server 2003 Active Directory domain, but it also discusses procedures for implementing Windows XP security settings in stand-alone clients.
Download Guide [2.37 MB]
Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
This guide contains detailed information about relevant security settings that can be configured on Microsoft Windows Server 2003 and Windows XP. It also details the different threats, potential countermeasures, and the potential impact of configuring these settings.
Download Guide [1.39 MB]
Windows Server 2003 Security Guide
This guide focuses on providing a set of easy to understand guidance, tools, and templates to help secure Windows Server 2003 in many environments.
Download Guide [2.47 MB]
These guides all require Adobe Acrobat Reader, which can be downloaded for free from the Adobe Web site.