Network News

X My Profile
View More Activity

Heads Up Internet Explorer Users

A plug-in for Microsoft's Internet Explorer Web browser that helps users upload photos to popular sites such as Facebook and Myspace contains multiple security holes. To make matters worse, hackers have now published instructions showing how to exploit those flaws to break into vulnerable systems and install software.

At issue is a set of faulty ActiveX controls produced by Aurigma, a technology company whose image transfer browser plug-in is licensed and distributed by a number of major Web sites to help IE users upload pictures. According to an alert posted Monday by the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT), an attacker could break into an IE user's system if the user has one of these vulnerable plug-ins installed.

These insecure plug-ins can be exploited on a target's machine if the victim merely views an infected Web site or e-mail with the now publicly available exploit code.

Given the hundreds of millions of Windows users who frequent these social networking sites every day, this may turn out to be a target-rich environment that is simply too good for cyber crooks to pass up. Normally, fixing broken ActiveX plug-ins involves manually editing the Windows registry, which is not something I ever advise the average user to undertake lightly (if you screw up something important and you don't know how to recover from it, an errant registry change can mean big trouble).

Fortunately, the good folks at the SANS Internet Storm Center just released a simple little graphical program that can do all the hard work while virtually eliminating the chances that you'll mess something up. Their point-and-click tool, rather unceremoniously named "KillBitGui-Feb08.exe," simply sets a marker in the registry alerting Windows that if the vulnerable ActiveX components are installed, then the operating system should not let anyone or anything make use or activate said components.

Maybe you don't remember downloading this ActiveX tool. Maybe you don't ever go to Myspace, Facebook or Yahoo! (the vulnerable Yahoo! ActiveX bit addressed by this tool resides in Yahoo! Music Jukebox 2.x). But if you use IE as your browser, run this tool. Put check marks in all of the boxes, then hit the "set" button. The notation next to each entry should now read "CLSID Exists." Click the "x" in upper right corner of the box. You're done. If you ever want to undo any part of what you just did, run the tool again and uncheck the relevant boxes and hit "set."

It may not protect you 100 percent against this attack, but it's better than anything else going at the moment. If you want to upload pictures to sites, my best advice is to use another Web browser.

By Brian Krebs  |  February 5, 2008; 12:24 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: RealPlayer Labeled 'Badware'
Next: Adobe, Apple Issue Security Updates

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company