Internet Explorer exploit prompts SANS to change the Internet Status to Yellow.


Publication of Zero-day Exploit in Internet Explorer prompts SANS to change the status of the Internet to Yellow today.

http://isc.sans.org/diary.php?storyid=877

Mike Poor, an incident handler for the SANS Internet Storm Center, has changed the status of the Internet’s Security from Green to Yellow.  This is due to the publication of an exploit code for a JavaScript vulnerability in Internet Explorer, combined with the lack of a patch for this issue.

Previously, the vulnerability was only known to cause Denial of Service on computers when they visited sites with malicious JavaScript code on it.  But, a group in the United Kingdom known as Computer Terrorism, has released an exploit code today which allows the malicious sites to run executable programs such as .exe, .com, .bat, .cmd amongst others on the computers that visit the sites.  

The recommendation is to either disable JavaScript in Internet Explorer, or to use another browser such as Firefox (http://www.mozilla.org) or Opera (http://www.opera.com) instead.  Be advised that with Firefox, there are other security issues that you may face as well.  So, regardless of what actions you take, be careful where you surf.  

At this time, someone who wants to use this vulnerability has to trick the user into clicking on a link to their website.  They’ll probably use techniques like posting the links on forums, message boards, and other public places, and they’ll use e-mails with “Social Engineering” tactics as well.  

My advice to the public is this.  1)  Disable JavaScript or use a different browser altogether 2)  If someone new posts a link on your forum, and others haven’t confirmed or disputed it, don’t click on it.  Let the forum moderators check the links first.  3). If you get an e-mail with a link, and it sounds too good to be true (or if it’s not from someone you expect to receive a link from) don’t click it.  If it’s a person that you know, send them an e-mail back, asking about the link.  4). If you get the e-mails purporting themselves as being from your bank, PayPal, or somewhere else that you do business with, manually put the link that you NORMALLY would use into your web browser.  Do NOT copy their link, even if it’s the same one.  And, definitely do not click their link.  Now is definitely not the time to be lazy or lackadaisical and choosing to ‘click their link, instead of taking the time to type it in myself’.

You’ll notice in a post below, that I have the SANS Internet Storm Center button.  You can check back here on a regular basis to see if it’s changed or not.  Or, you can download their “InfoCon” desktop notifier from their website.  Good luck, surf safely, and have a great day.

Patrick.

Leave a comment

Your email address will not be published. Required fields are marked *