Corporate Servers Spreading IE Virus [Updated]

June 28, 2004 | Source: Slashdot

ZDNet is reporting that corporate web servers are infecting visitors’ PCs.

The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have “few options” other than alternative browsers or platforms.”

A reader points out Microsoft’s What You Should Know page. Here’s the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing “some Web sites to work improperly.” By changing more settings, you can regain functionality for a particular site if “you trust that it is safe to use,” which you have no way of knowing.

Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn’t the “fix” include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?