Heal Your Church WebSite


Teaching, rebuking, correcting & training in righteous web design.

IE-eeeeeeee : what the Download.Ject exploit means to your church website

Just as Scripture compels us to be “all things to all men“, so too our websites need to be as many things as possible to as many browsers as possible. A feat which isn’t always possible because of the “wide variety of standards” plaguing the world of Internet browsers – a variety that has made browser simulation services such as BrowserCam are profitable.

But it is not the oft debated (and seldom agreed upon) geek-only issue of cross-browser compatibility that brings me to this topic, but rather it is yet another Internet Explorer exploit that reared it’s ugly head last week dubbed by Microsoft as “Download.Ject” that may determine which browsers your visitors use – and how they use them.

According to LURHQ, last month a “number of sites are reporting malicious javascript code being appended to every page served by their IIS server.” A script that according to Geek.comwill cause your browser to download a trojan to your computer without your knowing.

In other words, someone figured out how to hack a bunch of not-so-up-to-date with the latest patches Microsoft IIS 5.0 servers, adding a script that will infect your computer when you visit the tainted page using Microsoft Internet Explorer via Windows 2000 or XP. What’s worse, this script deposits a nasty little trojan horse ‘phishing’ program that tries to capture your eBay and PayPal information, along with random some pop-ups to trick you into giving them even more sensitive information.

Workaround == More Work for You

Though the Russian server propagating this attack has been shut down, and though Microsoft is now offering a ‘Critical Update‘ to address the problem – a solution that according to ‘The Register‘ is still a workaround and therefore “a non-starter.

Workaround or not, I suspect this latest exploit is going nudge some stubborn IE users into alternative browser solutions such as Mozilla or Opera. Likewise, I’d bet an Ostrich burger at FuddRuckers that some of you are going to find scripting disabled on your computers at work as IT managers react to this threat by employing the latest CERT recommendations to your browser.

Bottom Line Best Viewed With …

Putting it all together, if your church website is heavily dependent on Javascript and/or ActionScript to render your content, then you need to revisit your site without the benefit of scripting turned-on. Likewise, if your organizations website is “best viewed with MSIE” then you are going to need to make sure your site’s layout can also accommodate a change in browsers by your visitors.

Cross-Browser Related Resources:

  • Evolt Browser Archive – install an old browser on your new machine today!
  • AnyBrowser.com – Your Source for Browser Compatibility Verification
  • BrowserCam.com – IMHO, a better Source for Browser Compatibility Verification
  • Silocon Glen – Cross browser compatibility and website design
  • NetMechanic – Browser Compatibility Tutorial
  • iCapture – your site through the eyes of Apple’s Safari browser.
  • ieCapture — See your site in an array of PC browsers now!

Extra Credit Reading Re:Download.Ject:

2 Comments

  1. Stinky but true. Someone pointed out to me after several weeks of becominglessstupid.com’s being live that the layout (CSS) was very screwy in Mozilla. Good to know; a pain to deal with. And then there’s Safari. And I’m not even doing anything fancy! The price we pay for table-free layouts…

  2. I’ve always tested my pages on IE because that is the only browser I use, but I try to adhere to the W3C’s standards as close as possible. I thought adhering to these standards was supposed to make your website compatible with all browsers. Is this not true?

    I use JavaScript to display random videos and articles on my website. If you are discouraging the use of JavaScript, what would be a good alternative? Could this be achieved using CGI or PERL?