There has been a bit of buzz about the FBI catching someone who sent bomb threats via a spyware programme. http://www.heise-security.co.uk/news/92950 . How did they get it to install on the culprits computer? No one is silly enough to click on an email attachment. Was it exploiting a windows weakness? Should future terrorists use a mac?
If no one was silly enough to click on an email attachment, we would have A LOT less computer viruses, spyware, etc. floating around the Internet! Not saying that that is how they got the program in, just that you’re living in a dream world if you think no one is silly enough to click on an attachment these days.
This http://www.microsoft.com/downloads/details.aspx?FamilyID=E0F27260-58DA-40DB-8785-689CF6A05C73&displaylang=en is a link to a page where you can download a research paper on the various forms of malware & how they spread.
Bottom line: End-users clicking the attachment is responsible for something on the order of 1/3rd of all malware infections.
The article I read said it was designed to download to his computer when he logged onto his myspace account, which was associated with the threats.
thats sort of what I had inferred too. But how does just logging onto your myspace page download the malware? There are exploits in IE but they should be patched using the windows updates
I assumed they are exploiting one of those same holes the “bad” guys use. Could be one of the ones that hasn’t been reported yet but is being sold by the “bad” guys.
Just like we can dream of a day where people don’t click on every link they see in an email, we can dream for a day when people actually have all of the Windows updates installed. Just this past weekend, I was working on a friend’s office PC that didn’t even have XP’s SP2 yet, and that came out how many years ago?
You really think the rate is that low?
Going out a bit on the conspiracy theory limb, but it seams reasonable.
I imagine that the government has a playbook of vulnerabilities that their own researchers have discovered that deliberately haven’t and won’t be closed until someone else discovers them and makes them public.
Way out on the conspiracy limb. M$ has put back doors into Windoze at the behest of the gubmint.
I really question the idea that a fully patched windows system somehow has fixed all known vulnerabilities in IE.