Advanced

By George Norman - Software News Editor

Added on 16 Dec 2008(1747 Views)

The security vulnerability that until recently only affected Internet Explorer 7 (IE7) has taken on a life of itself and now not only is it being exploited by people with malicious intent, it also affects all Internet Explorer versions (perhaps not IE8 RC1 that has been released only to Microsoft partners). A staggeringly large number of web pages have been infected, and security experts advise IE users to switch to other browsers while the problem is being investigated.

Graham Cluley from Sophos, company that specializes in developing security software and hardware, comments: “On Saturday, Microsoft blogged that a staggering 0.2% of all internet users may have been exposed to the exploit, which has been seen on pornographic websites. Of course, website attackers don’t just target porn sites. We see something like 20,000 new infected webpages every single day (that’s one every 4.5 seconds), and the vast majority of those are legitimate sites that have been compromised by the likes of an SQL injection attack.”


There are a couple of snags that you must be aware of. First of all, even though Microsoft said it is looking into the matter and will issue a fix as soon as possible, who knows how long it will take them to come up with a patch. Switching over to browsers such as Mozilla Firefox, Google Chrome, or Opera 9.63 is not a miracle cure-for-all; these browsers have plenty to offer, but they will not guarantee a 100% online safety percentage.

If you are curious to find out how this security vulnerability is being actively exploited, the Microsoft Malware Protection Center provides an explanation: “First, some legitimate web sites were maliciously modified to include the exploits. For example a popular search engine in Taiwan was found to be hosting the exploit. Luckily, that site was quickly cleaned. Secondly, we’ve noticed some pornography sites have started hosting these exploits too: We recently found a web site in Hong Kong that serves various content including adult entertainment. Users who hoped to watch that content, became target of those attacks: specifically, the exploit dropped Trojans that we detect as Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ.”

According to Senior Security Advisor with TrendMicro, Rick Ferguson, so far the exploit has been used to steal game passwords, but it is only a matter of time until online criminals will start taking advantage of it.





Don't forget to:

RSS


Tags: Microsoft, Internet Exporer

Link to this article:

Comments


Add comment:

Top Downloads

Copyright © FindMySoft.com 2006-2008
0.029 s