July 22, 2010 at 21:51The Microsoft Windows vulnerability demonstrated by July 0-day exploit turned out to be multi-vector: sites can automatically infect readers through Internet Explorer
Many readers remember how on Monday, July 19, a blog post appeared on the ESET blog on Habrahabr informing about the appearance of a malicious program that could penetrate the system through specially designed shortcut icons.
In this blog post (at the end of it), it was recommended to familiarize yourself with the advice on the blog of an independent researcher (named Didier Stevens), who recommended cutting down the launch of files from USB and CD or loading them from there into memory.
Many relaxed, but meanwhile nothing ended with it.
Microsoft posted it on July 20 , and Security Lab reprinted it on June 21updating of the previous news. The update, however, says that an attack on the July vulnerability may not require either a flash drive or a sidyuk (or a dividend). Instead, it is enough for an attacker to create a specific site in a special way and wait for the user to access the site using Internet Explorer; and as soon as Windows tries to load the icon indicated on the site, everything will be over.
Now the real fun begins. In the comments on the ESET blog, only Linux fans seem to be ironic; but now oh! now it’s finally time to call for a transition to Firefox, Chrome, Safari, Opera, SeaMonkey, and so on and so forth. And genuine deep horror will embrace all those who climb the Web through IE or through any other sinister piece based on IE - Maxthon, Netscapein IE mode, Firefox with IE tab, Chrome Frame, and so on and so forth.
Doomsday of the Explorer!
In this blog post (at the end of it), it was recommended to familiarize yourself with the advice on the blog of an independent researcher (named Didier Stevens), who recommended cutting down the launch of files from USB and CD or loading them from there into memory.
Many relaxed, but meanwhile nothing ended with it.
Microsoft posted it on July 20 , and Security Lab reprinted it on June 21updating of the previous news. The update, however, says that an attack on the July vulnerability may not require either a flash drive or a sidyuk (or a dividend). Instead, it is enough for an attacker to create a specific site in a special way and wait for the user to access the site using Internet Explorer; and as soon as Windows tries to load the icon indicated on the site, everything will be over.
Now the real fun begins. In the comments on the ESET blog, only Linux fans seem to be ironic; but now oh! now it’s finally time to call for a transition to Firefox, Chrome, Safari, Opera, SeaMonkey, and so on and so forth. And genuine deep horror will embrace all those who climb the Web through IE or through any other sinister piece based on IE - Maxthon, Netscape
Doomsday of the Explorer!