FT.com | Tech Blog | IE broken: Password-stealing, keystroke-logging malware runs amok

IE broken: Password-stealing, keystroke-logging malware runs amok

December 17, 2008 2:46am
by Richard Waters

Eight days after a critical security flaw in Internet Explorer was publicised on a Chinese website, Microsoft is still working on trying to fix the world’s most widely used internet browser - and the bad guys are having a field day.

When news of the vulnerability was still only three days old, according to Microsoft’s researchers, there was already a spate of malware written to take advantage of it:

The exploit sites we’ve seen so far drop a wide variety of malware– most commonly password stealers like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpud along with some previously unseen malware which we generically detect as Win32/SystemHijack. We fully expect the variety of malware being dropped by this exploit to broaden as the exploit code starts to circulate around the Internet underground.

Two days later, Microsoft was warning that as many as 2m computers were already potentially infected by the password-stealers and other assorted bad stuff (assuming that there are some 1bn PCs in use around the world):

Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability. That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50% in the number of reports today compared to yesterday.

Three days on, and Microsoft is no longer prepared to talk about the effects of this nasty, rapidly-spreading problem. Instead, it is in heavy damage-limitation mode.

Teams of developers have been working tirelessly around the clock and a fix for the flaw will be released on Wednesday morning (West Coast time), a spokesman says. Computer users are fine as long as they follow the company’s security advisory - no need to switch to another browser just to be safe, he insists.

But even the Microsoft advisory didn’t do the trick, because the company had to revise the statement to make things “clearer” for computer users who were concerned enough to try to protect themselves. How clear, though, will this be to 1bn computer users around the world?

The recommendation that we made yesterday still holds: evaluate applying a combination of workarounds that both sets the Internet Explorer security settings to High and blocks access to OLEDB32.dll.

Got that?

Tags: microsoft, security

December 17, 2008 2:46am in Tech | Comment

Email Share Print

FT techblog: a guide

David Gelles, Joseph Menn, Chris Nuttall and Richard Waters in the FT's San Francisco bureau upload their views - plus tech insights from writers in New York, London and Tokyo
FT techfeed Our stream of tech consciousness. You can subscribe and see the full feed here.
FT techtalk A live multimedia and text conversation, combining the views of the FT's tech correspondents with reader comments and questions on the week's technology news, every Friday, at 0800 Pacific time (1500GMT, 1600BST).
Follow on twitter

Comment: To comment, please register with FT.com, which you can do for free here. Please also read our comments policy here.
Contact: You can write to the Tech bloggers using this email format: firstname.surname@ft.com
Time: UK time is shown on posts.
Follow: A link to the blog's RSS feed is at the top of the page. You can also read the Tech blog on your mobile device, by going to www.ft.com/techblog

FT Techblog's comments

Comment by editor
Are impression stats from mobile ad networks such a good indicator of handset market share? As impression stats vary with a network’s business model, a different network – say Millennial Media – would tell a different story about handset market share. No one has really noticed the discrepancy though because AdMob is the only network that pushes handset data into the media month after month. The silly thing is that when you see what some of these networks can do in terms of targeting, you realize there must be much more useful stats about behaviour of mobile users for example or types of mobile advertising that work best – (unlike handset sales data, you can’t easily get that sort of thing from Gartner, IDC et al). Don’t you think that would make these monthly reports much more interesting? To get a flavour of what mobile ad networks know about mobile users, see what they offer in terms of targeting: http://www.mobithinking.com/mobile-ad-network-guide
Comment by Mario Gamboa-Cavazos
How long until you move to OS X?
Comment by timothy spear
I feel your pain. I did mine as a dual boot (from xp) which I guess might be a safer option? Took ages to sort the email though
Comment by Michael Kenward
This is similar to my own experience. Two attempts to "upgrade" have so far proved fruitless. Vista to Windows 7 on my new(ish) laptop never got to a stage where the things would work and get the latest updates. An XP to Windows 7 update has been a week in the making. The goal is to create a dual-boot configuration. Supposedly an easy job, I am still trying to get it to work. Even when Windows 7 t does manage to boot up, a minute or so into a session I get the dreaded "BSOD". Fortuntely, neither of these are my key PCs. And I created a complete backup of the laptop before diving in. I quickly went back to Vista on that. So much for the promise that moving to Windows 7 is easier than any earlier Windows upgrade.
Comment by ciaran.byrne
You appear remarkably sanguine about the whole saga. I would be incandescent with rage. Why the almost seraphic stoicism?

About the authors

Richard Waters has headed the FT's San Francisco bureau since 2002 and covers Google and Microsoft, among other things. A former New York bureau chief for the FT, he is intrigued by Silicon Valley's unique financial and business culture, and is looking forward to covering his second Tech Bust.

Chris Nuttall has been online and messing around with computers for more than 20 years and since 2004 has reported from the FT's San Francisco bureau on semiconductors, video games, consumer electronics and all things interwebby.

David Gelles, a California native, has been hanging around and reporting on Silicon Valley for several years. He joined the FT's San Francisco bureau in 2008 and writes about social networking, clean tech and artificial intelligence.

Maija Palmer has been writing about technology for the FT since 1999 and is facinated by cybercrime, privacy and all the other issues of the information society. Based in London, she covers European tech companies and hopes that they won't all get acquired by American rivals.

Joseph Menn writes about tech security and privacy, digital media, and the computer industry from the San Francisco bureau. He spent a decade covering tech for the Los Angeles Times and therefore remembers the days when pre-revenue dot-coms handed out free bottles of champagne at their launch parties.

Robin Harding is the FT's technology correspondent in Tokyo, following the fortunes of Japan's videogame, semiconductor and consumer electronics companies. Before that, he was an FT editorial writer in London, having previously worked for various banks and asset managers.

Robin Kwong is the FT's Taipei correspondent and writes about the companies that manufacture the vast majority of the world's computers and gadgets. He is interested in the intricacies of the technology supply chain and how China is increasingly changing the tech landscape.

Tim Bradshaw is the FT's digital media correspondent. Based in London, he has covered start-ups such as Twitter and Spotify, as well as the online ambitions of more established media companies, such as the BBC iPlayer. He also covers the advertising, marketing and video-game industries. Tim has been writing about technology, business and finance since 2003.

Full list of the FT's blogs

Alphaville
The FT’s financial blog
Arena
A forum for topical debates
Brussels blog
Tony Barber on the EU's foreign and economic policies
Clive Crook's blog
The intersection of politics and economics in the US
Dear Lucy
Columnist Lucy Kellaway and readers solve workplace woes
Don Sull's blog
How to lead more effectively during turbulent times
Dragonbeat
A closer look at China’s economy, society and global impact
Economists' Forum
Leading economists debate issues raised by Martin Wolf
Energy Source
Insight into energy markets, companies and policy
FTfm blog
Views on the fund management industry
Gideon Rachman's blog
The chief foreign affairs commentator blogs on world affairs
Health blog
Discussion covering all aspects of healthcare
John Gapper's blog
John Gapper on business, finance, media and technology
Management blog
The latest thinking on the challenges facing managers
Money Matters
Insight into the personal finance industry
Money Supply
Our leading economics writers on market-moving economics
News blog
Follow the latest breaking news
Science blog
Clive Cookson looks at science developments
Undercover Economist
Tim Harford's blog on economics in everyday life
Westminster blog
The latest news and gossip from the UK’s political scene
Willem Buiter's Maverecon
The LSE professor on economics, politics and more

IE broken: Password-stealing, keystroke-logging malware runs amok

December 17, 2008 2:46am
by Richard Waters

FT.com technology headlines

FT techfeed

FT techblog: a guide

FT Techblog's comments

Categories

Recent Posts

About the authors

Technopolis

Gadget Guru

Full list of the FT's blogs

Archives

Selected FT blog posts

IE broken: Password-stealing, keystroke-logging malware runs amok

December 17, 2008 2:46amby Richard Waters

FT.com technology headlines

FT techfeed

FT techblog: a guide

FT Techblog's comments

Tags

Categories

Recent Posts

About the authors

Technopolis

Gadget Guru

Full list of the FT's blogs

Blogroll

Archives

Selected FT blog posts

December 17, 2008 2:46am
by Richard Waters