IE: The World’s Best Advertisement for Firefox

By on June 29, 2004

In a surprise twist, a security flaw has been found in IE’s impenetrable armor that allows a trojan to install its payload and monitor for passwords sent over https connections. Your account number? Now it’s everyone’s account number! Thanks for sharing.

A “Browser Helper Object” is a DLL that allows developers to customize and control Internet Explorer. When IE 4.x and higher starts, it reads the registry to locate installed BHOs and then loads them into the memory space for IE. Created BHOs then have access to all the events and properties of that browsing session. This particular BHO watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.

When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location.

Via the folks at the Microsoft advocacy site SlashDot. (Oops, I left my sarcastifier turned all the way up!)
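Because IE loads whatever the registry lists, a defender can audit that list directly. The PowerShell below is an added example, not part of the original post: it assumes the standard BHO registration key under HKLM, resolves each registered CLSID to its DLL through the COM `InprocServer32` key, and reports the Authenticode signature status of each DLL.

```powershell
# Added example: inventory the Browser Helper Objects IE will load at startup.
# Assumption: BHOs are registered machine-wide under HKLM (native and WOW6432Node views).
$views = @(
    @{ Bho     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Classes = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho     = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    # Each subkey name under the BHO key is the CLSID of one registered helper.
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $key.PSChildName
        $inproc = Join-Path (Join-Path $view.Classes $clsid) 'InprocServer32'

        # The default value of InprocServer32 is the path of the DLL that gets loaded.
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            if ($dll) { $dll = $dll.Trim('"') }
        }

        # Check the signature only when the DLL actually exists on disk.
        $sig = $null
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = if ($dll) { $dll } else { '<unresolved>' }
            Signature = if ($sig) { $sig.Status } else { 'NotChecked' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Entries that are unresolved, missing on disk, or not validly signed sort to the top.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Dll | Format-Table -AutoSize -Wrap
```

An entry with a valid signature is not automatically trustworthy; the output is a starting list to compare against the software known to be installed on the machine.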

Gadgetopia

Comments

  1. I love the name of the script: “yes.pl”. I can just imagine some cracker sitting at his computer pumping his fist in the air every time it runs yelling, “Yes-s-s-s-s!!!”
