04-05-2007, 08:41 PM
Quote:Alas, I'm a victim of this whole key-logging mess, too. Blame IE all you want, from what I've heard, Firefox is affected as well. Emphasis on heard, though.
Basically, we're back to the stone-age (think, IE5 before service pack 2), where you could get infected with nasties by simply clicking a link to, say, an image, which, due to some nasty scripting, resulted in my computer being affected by a keylogger without me knowing 'till it was too late. So, be careful with what links you click.
For the time being, a solution to counter this is to simply disallow your browser to run any scripts. Safety over functionality, one might say.
Unfortunately in this case, disallowing the running of scripts may not save you from what the hackers were using. They were exploiting some bad code in how MS Windows handles animated cursors. And that can come from the website sending data for an animated cursor for any browser to display, since the coding loophole is in one of the base DLLs used by windows to handle its GUI. Essentially all that you would have needed to do was go to an infected webpage; no need to click or mouse over anything there to get infected.
http://www.zone-h.org/content/view/14682/92/
http://news.bbc.co.uk/2/hi/technology/6526851.stm
Make sure you get the latest security patch from MS since this loophole has been lurking in the code since Windows NT and was still in there for the Vista release.