How to patch the QHost Exploit for Internet Explorer
Had an old customer e-mail me this week about an exploit he’d come across for Microsoft Internet Explorer called “QHost!”. He wondered how he should protect against this.
I wasn’t familiar with this exploit so I went investigating. The exploit uses DNS to re-direct unsuspecting users to malicious sites. Nasty. However it turns out the exploit was patched some time ago… 2003 to be precise! I honestly didn’t recall this exploit at the time, but it just goes to show you how many of these problems are still out there in the wild.
The next question is, of course, how many users are still unpatched against such exploits, even after all this time…
Comments
3 thoughts on How to patch the QHost Exploit for Internet Explorer
ROB
18TH NOVEMBER 2005 11:42:15
I patch myself regularly thus avoiding any nasty viruses. I hope other people do too. Many a time I’ve seen people exposing their hardware to malicious viruses; these came from different sources. Software that is open sourced and dripping full of viruses. Portals that promise the earth within themselves only to leave deposits of nasty viruses and other infectious programs.
MIKE
19TH NOVEMBER 2005 07:21:50
OK - I'll admit up front that I'm not exactly without bias on this one. As you say yourself - the exploit was patched in 2003 and here we are a month and a bit away from 2006 talking about it. The Blaster, Code Red and Nimda viruses (to name but a few off the top of my head) were similarly patched twelve months or more before the exploit became commonplace and the virus started to have disastrous effects.
So what does this tell us? It tells me that people don't habitually maintain their PCs and that software vendors have to make it easier to update software, if not actually produce self updating software. This last point works OK for home users but not in big corporates.
So as an insider I know that this is a major focus area for Microsoft. We've amalgamated the three or more download sites into one (www.MicrosoftUpdate.Com) so instead of going to windows update, office update and MS download site to patch a system you now go to one. We've produced the MBSA (Microsoft Baseline Security Analyser) to help customers audit their estate for compliancy against patches and other bad practises (admin accounts with no passwords etc). We've produced Software Update Services, Windows Update Services and now Microsoft Windows Server Update Services as a free product to push out patches automatically and we've added the SUS Feature Pack to SMS to harness the IP into SMS too.
In Windows XP you can also set the machine to automatically scan and download updates.
But we're not perfect - there's more that we can and will do (Microsoft One Care and Defender being examples of the ongoing push for security).
And still, after all this, we're talking about a vulnerability that was patched 2 years or more ago!
People need to view their PC like any other bit of machinery. Maintained well it lasts a long time and performs admirably. Don't maintain it and it will break (or be broken for you). Would you buy a car and not get it serviced? Does your Gas Boiler not get an annual check up?
Your PC is no different - it just contains a whole lot more important information... Do you get the impression I get asked this a lot? :)
RICHARD
24TH NOVEMBER 2005 17:59:59
Hi Mike. I couldn't agree more. For all the negative comments about Microsoft products being insecure - IMO it's simply a case of Microsoft products being the main choice in the market, and so the easiest target for crackers/exploits.
The latest versions of Windows make NOT keeping your software up to date quite hard! Features like nudges to set up Automatic updates, the "nagging" to reboot your computer after an update has been applied, SUS and WSUS server (which are free, none too difficult to roll-out, and easy to maintain) all make excuses for getting caught by exploits a bit implausible.
The spyware market is long overdue with some reliable Enterprise based products though. I appreciate there are products out there, but IMO they are overpriced and too complex. Every customer of mine asks after such products and to be honest, my advice at the moment is - the Microsoft (formerly Giant) solution is just around the corner. The sooner it comes, the better.
Couldn't agree more with you on the maintenance front though.
Now there is the small matter of Firewall complexity. If an experienced professional like myself can get confused with some of the products aimed at the SME market, then what hope do those companies that do this sort of stuff in-house have? I appreciate the area is a complex one, but I've no idea why a company hasn't produced a simple GUI "drag'n'drop" interface for closing ports, opening others, port-forwarding, etc. It doesn't have to be this complicated! But then I guess some people didn't see any reason to move away from the command line to drag'n'drop GUI functionality in an O/S either... :-)