Web kiloseven.blogspot.com
www.arrl.org www.eham.net

2006-09-24

[M$] Drive-By Viruses, Internet Exploder and a fix

ZERT, the very unofficial Zero Day Emergency Response Team, now offers an unofficial patch targeted at Internet Explorer browser users who otherwise could get viruses just by visiting a web page. Of course, the free, faster and otherwise superior Firefox is immune to getting viruses this way {/hint}.

ZERT was formed after the December 2005 WMF (Windows Metafile) attacks and is not Microsoft-endorsed. However, as Microsoft becomes more agressive in sunbsetting popular operating systems like Windows 2000 and 98, more and more IT gurus will comoe out of the woodwork to become the J. C. Whitney catalog of software longevity and keep these old classics alive, as well as offering response quicker that 'wait 'til the second Tuesday of the month' Patch Tuesday approach Microsoft has extended to Windows users.
"Something has to be done about Microsoft's patching cycle. In some ways, it works. But, in other ways, it fails us," says Joe Stewart, a senior security researcher with SecureWorks, in Atlanta.

"It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We're seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread," Stewart said in an interview with eWEEK.

Thanks to eWeek and Ziff-Davis for the quote and other information from the link above.