July 06, 2004

Conducting "secure" financial transactions with Internet Explorer isn't safe

The latest exploit is a file called "img1big.gif" that decompresses into a malevolent Browser Helper Object (BHO) that captures your financial transactions. According to a report from SANS, this BHO:

watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries. When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location.

There are only two choices left with IE: Either don't browse the web with it, or don't use it for financial transactions. Thank goodness there are choices like Mozilla, Firefox and Opera, for those of us still chained to Windows.
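The behaviour in the SANS quote above (an HTTPS session to a bank followed by a plain HTTP upload to the collection script) can be looked for in web-proxy logs. The following is an added example, not code from this post or from SANS; the log format, the sample lines, the `bank.example` host and the 120-second window are constructed assumptions, and only the collector URL comes from the quoted report.

```python
from urllib.parse import urlsplit

# Collection endpoint named in the SANS report quoted above.
COLLECTOR_HOST = "www.refestltd.com"
COLLECTOR_PATH = "/cgi-bin/yes.pl"
WINDOW_SECONDS = 120  # assumption: how soon after the HTTPS session the upload follows

# Constructed sample lines: "<epoch> <client-ip> <method> <url-or-host:port>"
SAMPLE_LOG = """\
1089078000 10.0.0.5 CONNECT bank.example:443
1089078030 10.0.0.5 POST http://www.refestltd.com/cgi-bin/yes.pl
1089078100 10.0.0.9 GET http://news.example/index.html
1089079000 10.0.0.7 GET http://WWW.REFESTLTD.COM/cgi-bin/yes.pl?x=1
not a log line
"""

def parse_line(line):
    """Return (ts, client, method, host, path), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, client, method, target = int(parts[0]), parts[1], parts[2].upper(), parts[3]
    if method == "CONNECT":            # tunnel request: target is host:port, no path
        return ts, client, method, target.rsplit(":", 1)[0].lower(), ""
    url = urlsplit(target)
    return ts, client, method, (url.hostname or "").lower(), url.path

def find_exfil(log_text):
    """Flag plaintext requests to the collector; note a preceding HTTPS tunnel."""
    last_tunnel = {}                   # client -> (ts, host) of most recent CONNECT
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, method, host, path = rec
        if method == "CONNECT":
            last_tunnel[client] = (ts, host)
        elif host == COLLECTOR_HOST and path == COLLECTOR_PATH:
            prev = last_tunnel.get(client)
            recent = prev[1] if prev and ts - prev[0] <= WINDOW_SECONDS else None
            hits.append({"client": client, "ts": ts, "method": method,
                         "after_https_to": recent})
    return hits

if __name__ == "__main__":
    for hit in find_exfil(SAMPLE_LOG):
        print(hit)
```

A hit with `after_https_to` set is the stronger signal, since it matches the sequence the report describes; a hit without it still identifies a client that contacted the collection script.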

Posted by Geodog at July 6, 2004 01:46 AM
Comments

My apologies, but my web hoster has turned off commenting, due to a flood of obscene spam bringing the server to its knees. I hope to have this weblog transitioned over to WordPress in the near future, so that I can have commenting up and working again. Until then, please feel free to send me your comments via my email contact form. Please ignore everything below this comment.
