CINXE.COM
USATODAY.com - Security risks swell for Microsoft's Explorer
<HTML> <HEAD> <SCRIPT LANGUAGE="JavaScript">OAS_listpos = "PageCount,NavBottom120x90,Top728x90,Zaplet1,FloatBottom,Bottom468x60,VerticalBanner,Poster3";</SCRIPT> <SCRIPT LANGUAGE="JavaScript" src="http://js.usatoday.com/_common/_scripts/_oas/mjx-base.js"></SCRIPT> <TITLE>USATODAY.com - Security risks swell for Microsoft's Explorer</TITLE> <!--#include virtual="/_common/_includes/_headers/header2003.ssi"--> <SCRIPT language="JavaScript" src="http://js.usatoday.com/_common/_scripts/css_overridev2.js"></SCRIPT> <meta name="PUBDATE" content="Jul 02, 2004"> <meta name="PUBTIME" content="07:49 AM"> <meta name="DESCRIPTION" content="Using Microsoft's Internet Explorer Web browser to surf the Internet has become a marked risk even with the latest security patches installed. That's the upshot of the discovery of yet another Internet Explorer security hole being exploited by..."> <meta name="KEYWORDS" content="td, Explorer, Microsoft, bank, security, border, Neil Charney, security hole, cyberthreats, patches, Jon Swartz, attack, Citibank, usatoday, front, notch, intruders, FBI, log, surf"> <!-- 05/16/2005 - 04:52 PM --> <!-- EdSysObj ID="script_container" FRAGMENTID="3103373" rberthol --><LINK rel="stylesheet" href="http://css.usatoday.com/_common/_styles/tech_styles.css" type="text/css"/> <SCRIPT LANGUAGE="JavaScript" src="http://js.usatoday.com/_common/_scripts/clickability-tech.js"></SCRIPT><!-- /EdSysObj --> <style type="text/css"> <!-- .style1 {color: #0000FF} --> </style> </HEAD> <body bgcolor="#FFFFFF" leftmargin="3" topmargin="3" marginwidth="3" marginheight="3" onLoad="usat.page.onLoad();"> <table id="cnt_ldb" width="770" border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="3" width="770" id="cnt_mast" valign="top" class="notch_header"><SCRIPT LANGUAGE="JavaScript">OAS_AD("Top728x90");</SCRIPT></td> </tr> <tr> <td colspan="3" width="770" id="cnt_mast" valign="top" class="notch_header"><!-- EdSysObj ID="CareersNav" FRAGMENTID="1094694" rberthol --><!--#include virtual="/_common/_includes/_tech/marketplace-inside-nav.ssi"--><!-- /EdSysObj --></td> </tr> <tr> <td width="120" height="1"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="120" height="1" border="0"/></td> <td width="15" height="1"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="15" height="1" border="0"/></td> <td width="635" height="1"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="635" height="1" border="0"/></td> </tr> <tr> <td width="120" id="cnt_lnav" valign="top"><table id="lnav" border="0" cellpadding="0" cellspacing="0"> <tr> <td id="cnt_leftnav" align="RIGHT" valign="top"><!-- EdSysObj ID="LeftNav" FRAGMENTID="1218227" mnguyen --><!--#include virtual="/_common/_includes/_tech/tech-front-lnav.ssi"--><!-- /EdSysObj --></td> </tr> <tr> <td align="right"><img src="http://images.usatoday.com/_common/_images/black.gif" width="120" height="1" border="0" vspace="5"/></td> </tr> <tr> <td id="cnt_dropdown" align="RIGHT" valign="top"></td> </tr> <tr> <td id="cnt_leftnavsrch" align="RIGHT" valign="top"></td> </tr> <tr> <td><img src="http://images.usatoday.com/_common/_images/clear.gif" width="1" height="7" hspace="0" vspace="0" border="0"/></td> </tr> <tr> <td id="cnt_marketing120" valign="top" align="right"></td> </tr> <tr> <td id="cnt_navbottom120X90" align="right"><SCRIPT LANGUAGE="JavaScript">OAS_AD("NavBottom120x90");</SCRIPT></td> </tr> </table></td> <td width="15"> </td> <td width="635" valign="top"> <!--clickabilityRefresh=15m--> <!--startclickprintinclude--> <table width="635" border="0" cellspacing="0" cellpadding="0"> <!--startclickprintexclude--> <tr> <td> </td> </tr> <tr> <td width="635"><!-- EdSysObj ID="TopRibbon" FRAGMENTID="3103583" scrow --><!--#include virtual="/_common/_includes/_tech/_ribbons/2003-tech.ssi"--><!-- /EdSysObj --></td> </tr> <tr> <td width="635"><IMG src="http://images.usatoday.com/_common/_images/black.gif" width="635" height="1" border="0"/><table width="635" border="0" cellspacing="0" cellpadding="0" height="45"> <tr> <td valign="top" width="100%"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="25" valign="middle"><!-- EdSysObj ID="MailPage" FRAGMENTID="2548010" rberthol --><!--#include virtual="/_common/_includes/toolbar.ssi"--><!-- /EdSysObj --></td> </tr> <tr> <td valign="top" height="1" bgcolor="#000000"><img src="http://images.usatoday.com/_common/_images/black.gif" width="1" height="1"/></td> </tr> <tr> <td class="datestamp" height="20">Posted 7/1/2004 9:45 PM Updated 7/2/2004 7:45 AM</td> </tr> </table></td> <td valign="middle" align="right"><SCRIPT LANGUAGE="JavaScript">OAS_AD("Zaplet1");</SCRIPT></td> </tr> </table></td> </tr> <tr> <td></td> </tr> <tr> <td id="cnt_secondhnav" valign="top"></td> </tr> <!--endclickprintexclude--> <tr> <td> <!--startclickprintexclude--> <TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="120" ALIGN="right"> <TR> <TD ALIGN="right" ROWSPAN="11" WIDTH="5"><IMG SRC="http://images.usatoday.com/_common/_images/clear.gif" WIDTH="5" HEIGHT="1" BORDER="0"/></TD> </TR> <TR> <TD ALIGN="right"> <SCRIPT LANGUAGE="JavaScript">OAS_AD("Poster3");</SCRIPT> </TD> </TR> <TR> <td align="left"></td> </TR> <TR> <td align="left"></td> </TR> <TR> <td align="left"></td> </TR> <TR> <td align="left"></td> </TR> <TR> <td align="left"></td> </TR> <TR> <td align="left"></td> </TR> <TR> <td align="left"><!-- EdSysObj ID="SandboxN6" FRAGMENTID="9914799" mnguyen --><!--#include virtual="/_common/_includes/_tech/_inside/va-topstories.ssi"--><!-- /EdSysObj --></td> </TR> <TR> <td align="left"></td> </TR> <TR> <TD ALIGN="left"><!-- EdSysObj ID="SandboxN8" FRAGMENTID="11137038" egiordan --><!--#include virtual="/marketing/email/_notches/tech.ssi"--><!-- /EdSysObj --><IMG src="http://images.usatoday.com/_common/_images/clear.gif" width="120" height="20" hspace="0" vspace="0" border="0" align="bottom"/><br/> <SCRIPT LANGUAGE="JavaScript">OAS_AD("VerticalBanner");</SCRIPT> </TD> </TR> </TABLE> <!--endclickprintexclude--> <DIV></DIV><!-- EdSysObj ID="SandboxLede" FRAGMENTID="12380058" mtrott --><span class="inside-head">Security risks swell for Microsoft's Explorer </span><div class="by-line">By Byron Acohido and Jon Swartz, USA TODAY</div> <div class="intro-copy">SEATTLE — Using Microsoft's Internet Explorer Web browser to surf the Internet has become a marked risk — even with the latest security patches installed.</div> <p class="inside-copy">That's the upshot of the discovery of yet another Internet Explorer security hole being exploited by intruders bent on swiping personal information from unwitting Internet users.</p> <table cellpadding="0" cellspacing="0" align="left"> <tr> <td><table width="190" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" class="notch_header" width="1"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="1" border="0" height="10"></td> <td width="180" class="notch_header"> Safer Web surfing</td> <td rowspan="3" class="notch_header" width="1"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="1" border="0" height="10"></td> <td rowspan="3"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="10" border="0" height="1"></td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr class="sidebar"> <td valign="top"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="180" border="0" height="10"></td> </tr> <tr> <td valign="top"> <table width="99%" border="0" cellspacing="0" cellpadding="2"> <tr> <td class="sidebar" valign="top"> Tips for reducing breaches of Internet Explorer Web browser:<br> 1. Navigate to security settings. Set Internet zone to high.<br> 2. Stay up to date with security patches.<br> 3. Follow advice posted at <font size="1"><a href="http://www.microsoft.com/security/protect/default.asp" target="_BLANK">www.microsoft.com/security/protect/default.asp</a></font>.<br> <br> Sources: Microsoft, US-CERT</td> </tr> </table> </td> </tr> <tr class="sidebar"> <td valign="top"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="1" border="0" height="10"></td> </tr> </table> </td> </tr> <tr> <td width="180" class="notch_header" height="1"><img src="http://images.usatoday.com/_common/_images/clear.gif" width="10" border="0" height="1"></td> </tr></table> </td> </tr> </table> <p class="inside-copy">The SANS Institute Internet Storm Center issued an alert this week about pop-up ads designed to download a program that keeps track any time a PC user clicks to the log-in page of 50 financial institutions worldwide. The program captures log-in information and sends it to another Web site, before the bank can encrypt the data.</p> <p class="inside-copy">In a similar attack discovered last week, intruders sprinkled invisible coding that accomplished much the same thing on Microsoft Web servers that serve up hundreds of high-traffic commercial Web sites. Both attacks appear to exploit security holes in Internet Explorer for which Microsoft has not yet issued a patch, says SANS researcher Tom Liston.</p> <p class="inside-copy">Security experts say the two new attacks likely have been in operation for weeks, infecting tens of thousands of PCs. Given the history of cyberthreats, they are bracing for copycat assaults.</p> <p class="inside-copy">"Internet Explorer's track record is such that the software just cannot be trusted right now," says Jeremiah Grossman, CEO of WhiteHat Security.</p> <p class="inside-copy">The FBI's Cyber Division is investigating, a spokeswoman says.</p> <p class="inside-copy">Banks in the USA, Europe, Asia, Australia and the Middle East — Citibank, Deutsche Bank and Barclays, among them — were among 50 targeted sites.</p> <p class="inside-copy">A Citibank spokesman says the bank, with 2 million online users, took steps to protect its Microsoft Web servers several weeks ago. However, the only thing banks can do to stop the most recent kind of attack is recommend that customers stop using Internet Explorer, says Joe Stewart, a researcher at security firm Lurhq. </p> <p class="inside-copy">The threat of increasingly sophisticated online fraud is "a reality that banks face across the world," says Chris Pepper, a spokesman for Royal Bank of Canada, one of the banks targeted. He says the Toronto-based bank had received no complaints from any of its 2.5 million online customers.</p> <p class="inside-copy">Banks contacted by USA TODAY would not say whether they are considering displacing Microsoft Internet Explorer as their primary browser.</p> <p class="inside-copy">Microsoft last week began advising customers to set the browser's Internet zone security on high. However, that could cause Web sites that use animation and graphics not to work, says Neil Charney, a Microsoft Windows product manager. Microsoft is working on a patch it plans to deliver later this summer in its Windows XP Service Pack 2, a free product upgrade.</p> <p class="inside-copy">"Vulnerabilities are not unique to IE. It's something all browsers share," Charney says. "Microsoft takes vulnerabilities very seriously, and we're working on a comprehensive fix."</p> <p class="inside-copy">The latest attack was discovered only because an alert worker at a technology company noticed a weird file that had implanted itself unseen on an employee's browser. </p> <p class="inside-copy">When SANS performed digital forensics, it discovered a new type of spyware that records log-ins. The filched log-ins were forwarded to a San Diego Web site, which was shut down Wednesday after SANS notified the FBI.</p> <p class="inside-copy">Meanwhile, some employers are experimenting with alternative Web browsers, including Opera and Mozilla. "People are allowed to surf with anything they want — except with Internet Explorer," says Mikko Hyppönen of F-Secure.</p> <p class="inside-copy"><i>Jon Swartz reported from San Francisco </i></p><script language="JavaScript"> if (((new String(navigator.type))==4)&&((new String(navigator.version)).indexOf("4.")!=-1)){ //setTimeout necessary for Netscape4 to render button window.setTimeout("MM_showHideLayers('rightsLinkNSlyr','','show');", 500); } else { eval(document.getElementById("rightsLinkButton").innerHTML = '<a href="javaScript:RightslinkPopUp()"><img src="http://images.usatoday.com/_common/_images/clickability-rightslinkBtn.gif" width="140" height="25" border="0" vspace="0" hspace="0"></a>'); } function RightslinkPopUp(){ var url = "https://s100.copyright.com/AppDispatchServlet"; var location = url + "?publisherName=" + escape( "USATODAY" ) // required, hard-coded + "&publication=" + escape( "USATODAY" ) // required, hard-coded + "&title=" + escape( "Explorer risks grow " ) // required + "&publicationDate=" + escape( "07/01/2004") // required + "&author=" + escape( "By Byron Acohido and Jon Swartz, USA TODAY" ) + "&contentID=" + escape( "http://www.usatoday.com/money/industries/technology/2004-07-01-cyber-threat_x.htm" ) // required + "&orderBeanReset=true"; // required, hard-coded PopUp = window.open( location, "Rightslink", "toolbar=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,width=650,height=550"); } </script><div class="inside-copy"><i></i></div><!--start data for usatc app<head-short><div class="front-head">Explorer risks grow</div></head-short><last-modified><div class="front-last-modified">7/2/2004 7:45 AM</div></last-modified><author><div class="author">By Byron Acohido and Jon Swartz, USA TODAY</div></author><location><div class="location">SEATTLE</div></location>--><!-- /EdSysObj --></td> </tr></table><!--endclickprintinclude--></td> </tr> </table> <table id="cnt_page" width="770" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="120"> </td> <td width="15"> </td> <td width="635" valign="top"> <table width="500" border="0" cellspacing="0" cellpadding="0"> <tr align="center"> <td align="center" valign="top" width="500"><SCRIPT LANGUAGE="JavaScript">OAS_AD("FloatBottom");</SCRIPT><!--#include virtual="/_common/_includes/2005-subscribe.ssi"--><SCRIPT LANGUAGE="JavaScript">OAS_AD("Bottom468x60");</SCRIPT><img src="http://images.usatoday.com/_common/_images/black.gif" width="500" height="1" border="0" vspace="5"/></td> </tr> <tr> <td id="cnt_bbox_botnav" align="center"><!-- EdSysObj ID="BottomNav" FRAGMENTID="726" rberthold --><!--#include virtual="/_common/_includes/bottom-nav.ssi"--><!-- /EdSysObj --></td> </tr> <tr> <td id="cnt_bbox_botnav" align="center"><!-- EdSysObj ID="Copyright" FRAGMENTID="723" rberthold --><!--#include virtual="/_common/_includes/copyright.ssi"--><!-- /EdSysObj --></td> </tr> </table></td> </tr> </table> <SCRIPT LANGUAGE="JavaScript">OAS_AD("PageCount");</SCRIPT> </body> </HTML>