This is striking. Following the recent news of a serious Scob attack ...
Kaspersky Labs, a leading information security software developer, announces a new case of mass infection, caused by a combination of malware and unsanctioned access to computer systems. Web servers running Microsoft Internet Explorer (ISS) 5 are affected, and individual computers will become victims when the user views an infected site using Internet Explorer. An unusual method is used to infect victim machines. Web servers are compromised using a JavaScript Trojan, Trojan.JS.Scob.a. It is not yet clear whether the servers have been compromised via a new vulnerability, or an already documented one. When Internet Explorer is used to view a site on an infected server, the Trojan will take control of the victim machine, and redirect the browser to a site containing a PHP script. This is done using an unknown vulnerability in Internet Explorer. A version of Backdoor.Padodor (w, x, y, or z) will then be installed on the victim machine. This spy program enables full remote control over victim machines. Kaspersky Virus News (Saturday, June 26, 2004)
... the Microsoft owned Slate carried this surprising advice:
"Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole," the BBC warned. (Disclosure: Microsoft owns Slate.) CNET reporter Robert Lemos zeroed in on why the attack was so scary. "This time," he wrote, "the flaws affect every user of Internet Explorer." That's about 95 percent of all Net users. No matter how well they had protected themselves against viruses, spyware, and everything else in the past, they were still vulnerable to yet another flaw in Microsoft's browser.Scob didn't get me, but it was enough to make me ditch Explorer in favor of the much less vulnerable Firefox browser. Firefox is built and distributed free by the Mozilla Organization, a small nonprofit corporation spun off last year from the fast-fading remnants of Netscape, which was absorbed by AOL in 1999. Firefox development and testing are mostly done by about a dozen Mozilla employees, plus a few dozen others at companies like IBM, Sun, and Red Hat. I've been using it for a week now, and I've all but forgotten about Explorer.
Link via Kottke
