Quote:
Originally Posted by Alan T
Fidel, not trying to be disrespectful here, but I think you are putting the cart before the horse here.
Generally what occurs is the following process:
1) Hacker exploits website code or application in a way to gain access to the webserver.
2) Hacker uploads specific infected code (such as invisible ****** exploits) to the webserver to target more users computers to infect
3) Users using insecure browsers, or systems not patched to protect against such infections have their browser try to load the invisible ****** and thus instead load a trojan of some specific intent.
4) Once the trojan is loaded onto the user's system, it could do endless number of things depending on what it is programmed to do. Some "call home" and go to a different web server where it downloads new code or "instructions" Those instructions often are then told to set up key loggers or password stealers or endless other things. Other times it will actually launch a worm to try to infect other systems on the same network, etc.
So the link you posted is good advice, but incomplete. Users do need to be smart about what browser they use and how they use it, but they also need to have proper antivirus protection as well as making sure their system regularly stays patched to protect against many of these type of attacks.
That doesn't address the original cause of the attack however, where people's websites are being hacked or attacked.
|
Thanks Alan T.
Not intending to 'put the cart before the horse'. Just intending to pass along information that may have something to do with the recent attacks. If IE is deemed less safe than other browsers and specific evidence, such as the existence of security holes as the article states prove it, then we should probably think about the advice given by the security experts, you being one of them. In fact, in light of the fantastic information you gave us previously in this very thread, I was hoping that you would weigh in as well. Picking your brain helps us all.
