Microsoft Internet Explorer (IE) Has Many Security Gaps, Recommend that Everyone Use a Different Internet Browser


(Clearwisdom.net) In the recent computer virus attacks against overseas practitioners, the attackers mainly took advantage of the security holes in Microsoft Internet Explorer (IE). We recommend that everyone use another Internet browser, and set it as the default browser. This will greatly reduce the security risk. Especially for practitioners who are not familiar what program to allow access to the Internet through the firewall, the browser replacement should be done as soon as possible.

In this article, we will talk more about computer security, especially in the area of IE security holes.

In the past several years, the computer attacks against Dafa practitioners have evolved in the following order:

  1. Attacking overseas Dafa web sites directly from mainland China
  2. Attacking overseas Dafa web sites through overseas proxies
  3. Attacking U.S. government web sites using fake Dafa web site's identity
  4. Set up fake oversea proxy to trap Mainland practitioners
  5. Spread virus through practitioners' email. The viruses are mainly the more popular ones that are currently spread on the Internet.
  6. Spy on practitioners' email communication, impersonate practitioners' style, and send email virus as attachment.

As practitioners become more and more aware of computer security, especially being careful about opening email attachments, these tricks are no longer effective. They have moved on to Trojan viruses to monitor practitioners' computer activity.

A "Trojan" is a program installed in the computer without the user knowing. The program automatically starts whenever computer is turned on. In the background, it monitors keyboard strokes and records any account name, password, and address book entries. It also scans all documents and steals useful information. Then it transmits such information to a remote machine.

Installing Trojans in the past was not easy. It required the user to run a program (such as open an email attachment). But now, with IE security holes, Trojans can be installed simply by visiting a web page. The evil is taking advantage of the security hole immediately.

Their attacks have following characteristics:

  1. Content:

    The email pretends to contain truth clarification information, for example: "Big Trial " or "Clarify the truth through different ways". It may say something to draw people's curiosity, such as "UFO appears at rocket launch." It may report some internal news such as mainland practitioner so and so being arrested.

  2. Web Page Link

    In order to install a Trojan, reading the email content is not enough. You must visit a web page. In the email, it often says, "Please click here to find out the newest information". This URL leads to a web page where the Trojan code is located. It mainly exploits the security hole in IE's embedded object feature. If you open the web source code (VIEW SOURCE), you should see some code like this:

    object data="lhxyexe.asp" height=0 width=0
    object data="lhxyhta.asp" height=0 width=0

    or the code is wrapped around like this:

    iframe src="mm.html" name="id" width="0" height="0" frameborder="0"
    Where the code is stored in "mm.html".

    The secret is "width=0 height=0". As result of these settings, the object is not shown on web page.

  3. HTML Attachment

    The next, more advanced trick is using an HTML attachment, which people are generally not suspicious about. However this HTML attachment contains the Trojan object code. In this case, it must use the complete URL:
    object data="http://xxx.xxx.xxx.xxx/lhxyexe.asp" height=0 width=0>

  4. Moving Trojan code server to overseas

    At the beginning, the Trojan code was located at China-based websites. We have found such servers in Shanghai, Shandong, etc. They also use some well-known Chinese web sites to forward the user to their server. For example, it may use the Net Ease website http://abckdkd.nease.net. Because Net Ease provides a domain name forward service, the user is forwarded to the server with the Trojan code.

    With a firewall installed, you need to very careful if your computer tries to visit a Chinese IP address without reason. Lately they have set up web sites outside China. We recently found one in the U.S. and one in East Asia.

How can we protect ourselves?

The answer is rather simple. So far all of these tricks exploit security holes in IE. Other good Internet browsers include Mozilla or Netscpae. Mozilla's installation is simple, please visit www.mozilla.com

The key point is that Mozilla must be set as the default browser in the computer. So when you click a URL in an email, the popup window is Mozilla-based instead of IE-based.

Mozilla is not supported well in some multimedia web sites. In those cases, if you are sure that the web site is safe, you may use IE to visit.

In summary, currently, discontinuing the use of IE is the best way to avoid Trojans. Please pay special attention to this matter.


Chinese version available at http://www.minghui.org/mh/articles/2003/11/11/60328.html

 Yearly Archive   Printer Version


We welcome your comments and suggestions, please email:
feedback@clearwisdom.net

Related Articles

Article Review
Over a Thousand People Witnessed the Atrocities of Police at the "Public Trial" and Loudly Shouted "Falun Dafa Is Good" [11/16/2003]
Microsoft Internet Explorer (IE) Has Many Security Gaps, Recommend that Everyone Use a Different Internet Browser [11/16/2003]
Taiwan: Ten Thousand Falun Gong Practitioners Gather at President's Office to Support Lawsuit against Jiang Zemin (Photos) [11/16/2003]
Washington DC: Falun Gong Practitioners Call for Urgent Rescue as Charles Lee's Situation in Prison Deteriorates (Photo) [11/16/2003]
Resolution 304 in the U.S. Congress Provides a Great Opportunity to Clarify the Facts More Broadly [11/16/2003]
FDI: American Citizen Subjected to Daily Brainwashing Sessions in Chinese Prison [11/15/2003]
Chinese Communist Party Politburo Member Wu Guanzheng Cannot Escape Responsibility For the Murder Of Falun Gong Practitioners [11/15/2003]
Cyprus: The Murderer and Slaughterer of Innocent People Cannot Escape the Trial of Conscience, Morality and Justice [11/14/2003]
Guard in Detention Center Instructs Inmates: "Hold a Meeting to Learn from those Who Practice Falun Gong" [11/14/2003]
"Self-Immolation" Analysis Movie Wins Columbus International Film & Video Festival Award (Photo) [11/14/2003]
US Consulate Official Says China's Public Security Official Is Attempting to Force Charles Li to Admit He Committed a Crime (Photo) [11/14/2003]
Ireland: Speech from Weekend Activities to Expose Jiang's Crimes: The Abuse of Women in the Persecution of Falun Gong (Photos) [11/13/2003]
FDI: Firefighter, Falun Gong Practitioner Tortured to Death in Chinese Forced Labor Camp [11/13/2003]
Final Trial Begins Against Chinese Newspaper Les Presses Chinoises in Montreal for Defaming Falun Gong; Lawyers Make Statements to the Court (Photos) [11/13/2003]
Plaintiffs in the Les Presses Chinoises Defamation Case Gather in Montreal's Chinatown and Call for an End to the Spreading of Hatred (Photo) [11/13/2003]
Media Alert: Chinese Authorities Forcibly Brainwash American Citizen from Menlo Park, California -- Protests from the US Government Are Ignored [11/13/2003]
Mother United with 7-Year-Old Daughter in New York After Three Years of Efforts (photos) [11/12/2003]
Taiwan: Hospital Director Says Falun Gong Saves A Fortune in Annual Health Care Costs (Photos) [11/12/2003]
Broadcasting Falun Gong Truth-Clarification Videos over Chinese TV is An Act of Immense Wisdom and Bravery [11/12/2003]
Bearing Witness to History: I Was Paralyzed For Sixteen Years, Now I am Healthy and Returned to Work [11/12/2003]
More Articles...