QHost Exploit for IE

Had an old customer e-mail me this week about an exploit he’d come across for Microsoft Internet Explorer called "QHost!". He wondered how he should protect against this.

I wasn’t familiar with this exploit so I went investigating. The exploit uses DNS to re-direct unsuspecting users to malicious sites. Nasty. However, it turns out the exploit was patched some time ago, 2003 to be precise! I honestly didn’t recall this exploit at the time, but it just goes to show you how many of these problems are still out there in the wild.

The next question is, of course, how many users are still unpatched against such exploits, even after all this time…

3 Responses to “QHost Exploit for IE”

  1. Rob November 18, 2005 at 11:42 am

    I patch myself regularly thus avoiding any nasty viruses. I hope other people do too. Many a time I’ve seen people exposing their hardware to malicious viruses. These came from different sources. Software that is open sourced and dripping full of viruses. Portals that promise the earth within themselves only to leave deposits of nasty viruses and other infectious programs.

  2. Mike November 19, 2005 at 7:21 am

    OK – I’ll admit up front that I’m not exactly without bias on this one. As you say yourself – the exploit was patched in 2003 and here we are a month and a bit away from 2006 talking about it. The Blaster, Code Red and Nimda viruses (to name but a few off the top of my head) were similarly patched twelve months or more before the exploit became commonplace and the virus started to have disastrous effects.

    So what does this tell us? It tells me that people don’t habitually maintain their PCs and that software vendors have to make it easier to update software, if not actually produce self updating software. This last point works OK for home users but not in big corporates.

    So as an insider I know that this is a major focus area for Microsoft. We’ve amalgamated the three or more download sites into one (www.MicrosoftUpdate.Com) so instead of going to windows update, office update and MS download site to patch a system you now go to one. We’ve produced the MBSA (Microsoft Baseline Security Analyser) to help customers audit their estate for compliancy against patches and other bad practices (admin accounts with no passwords etc). We’ve produced Software Update Services, Windows Update Services and now Microsoft Windows Server Update Services as a free product to push out patches automatically and we’ve added the SUS Feature Pack to SMS to harness the IP into SMS too.

    In Windows XP you can also set the machine to automatically scan and download updates.

    But we’re not perfect – there’s more that we can and will do (Microsoft One Care and Defender being examples of the ongoing push for security).

    And still, after all this, we’re talking about a vulnerability that was patched 2 years or more ago!

    People need to view their PC like any other bit of machinery. Maintained well it lasts a long time and performs admirably. Don’t maintain it and it will break (or be broken for you). Would you buy a car and not get it serviced? Does your Gas Boiler not get an annual check up? Your PC is no different – it just contains a whole lot more important information… Do you get the impression I get asked this a lot? 🙂

  3. Richard November 24, 2005 at 5:59 pm

    Hi Mike. I couldn’t agree more. For all the negative comments about Microsoft products being insecure – IMO it’s simply a case of Microsoft products being the main choice in the market, and so the easiest target for crackers/exploits.

    The latest versions of Windows make NOT keeping your software up to date quite hard! Features like nudges to set up Automatic updates, the "nagging" to reboot your computer after an update has been applied, SUS and WSUS server (which are free, none too difficult to roll-out, and easy to maintain) all make excuses for getting caught by exploits a bit implausible.

    The spyware market is long overdue with some reliable Enterprise based products though. I appreciate there are products out there, but IMO they are overpriced and too complex. Every customer of mine asks after such products and to be honest, my advice at the moment is – the Microsoft (formerly Giant) solution is just around the corner. The sooner it comes, the better.

    Couldn’t agree more with you on the maintenance front though.

    Now there is the small matter of Firewall complexity. If an experienced professional like myself can get confused with some of the products aimed at the SME market, then what hope do those companies that do this sort of stuff in-house have? I appreciate the area is a complex one, but I’ve no idea why a company hasn’t produced a simple GUI "drag’n’drop" interface for closing ports, opening others, port-forwarding, etc. It doesn’t have to be this complicated! But then I guess some people didn’t see any reason to move away from the command line to drag’n’drop GUI functionality in an O/S either… 🙂
