Wednesday, June 30, 2004

It's time to dump Internet Explorer

Netcraft - Hackers manipulating Internet Explorer add ons

Quote: "Hackers have found yet another way to compromise Internet Explorer, adding Browser Helper Objects to their toolkit in mounting ever-more sophisticated phishing attacks. A series of recent exploits have penetrated security holes in fully-patched versions of Microsoft's browser to steal users' online banking passwords, adding to a growing crisis of confidence in Internet Explorer, and perhaps online banking as well. "

"It ultimately installs its keylogger trojan, which scans for https sessions connecting to URLs of popular banks (including Citibank, WestPac, Barcklays and HSBC) and then intercepts outbound data from IE before it is encrypted using the Secure Sockets Layer (SSL) protocol."

SANS - "New scam targets bank customers"
Quote: "When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL." - in other words, your bank details are stolen.