Internet Explorer still not safe

More than two million computers worldwide have been infected because of a major security flaw in Microsoft's Internet Explorer web browser, the software giant admitted today. Security experts urged people to switch to rival browsers such as Firefox, Opera or Safari, until the bug has been fixed. The problem, first revealed last week, allows criminals to take over computers and steal passwords if the user visits an infected website. As many as 10,000 sites have already been compromised to take advantage of the flaw, according to anti-virus software producer Trend Micro.

So far the websites, which are mostly Chinese, have been used to steal computer game passwords which can be sold on the black market. Hackers can secure up to £9,000 for these passwords from fanatical gamers. But Trend Micro security researcher Paul Ferguson confirmed there were major concerns that the problem could be exploited by 'more financially motivated criminals for more serious mayhem'. John Curran, head of Microsoft's Windows commercial business group in the UK, said the company was 'working around the clock' to fix the problem. 'What we have seen in terms of infection is this is 0.2 per cent of Internet Explorer users,' he said. 'Obviously when you are talking about a customer base of over one billion people, any amount of vulnerability is too much and any type of infection is going to see a large number of people affected by it.'

This equates to more than two million infected machines - although Mr Curran said the flaw was primarily being exploited in China.

Microsoft said it had so far only found attacks against version 7 of Internet Explorer, the world's most popular web browser, but warned that other versions were 'potentially vulnerable'.

In a security update issued yesterday, the computer giant said: 'We are actively investigating the vulnerability that these attacks attempt to exploit.

'We will continue to monitor the threat environment and update this advisory if this situation changes.'

Microsoft may fix the problem in its regular monthly security update or issue an emergency software patch.

PC Pro magazine's security editor, Darien Graham-Smith, said hackers were always on the lookout for new ways to penetrate computers.

'The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough.

'Every browser is susceptible to vulnerabilities from time to time. It's fine to say "don't use Internet Explorer" for now, but other browsers may well find themselves in a similar situation,' he said.

According to the Microsoft warning, an attacker could host a specially crafted website that is designed to exploit the flaw through Internet Explorer and then convince a user to view the Web site.

The attacker could also take advantage of compromised websites and sites that accept or host user-provided content or advertisements.

These could contain specially crafted content that could exploit the flaw. In all cases, however, an attacker would have no way to force users to visit these websites.

Instead, the fraudster would have to convince users to visit the site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's site.

It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

The flaw requires that a user is logged on and reading e-mail messages or is visiting websites for any malicious action to occur.

Therefore, any systems where e-mail messages are read or where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.
Credits: DailyMail.

