Skip to main content

Internet explorer still not safe

More than two million computers worldwide have been infected because of a major security flaw in Microsoft's Internet Explorer web browser, the software giant admitted today. Security experts urged people to switch to rival browsers such as Firefox, Opera or Safari, until the bug has been fixed. The problem, first revealed last week, allows criminals to take over computers and steal passwords if the user visits an infected website. As many as 10,000 sites have already been compromised to take advantage of the flaw, according to anti-virus software producer Trend Micro.

So far the websites, which are mostly Chinese, have been used to steal computer game passwords which can be sold on the black market. Hackers can secure up to £9,000 for these passwords from fanatical gamers. But Trend Micro security researcher Paul Ferguson confirmed there were major concerns that the problem could be exploited by 'more financially motivated criminals for more serious mayhem'. John Curran, head of Microsoft's Windows commercial business group in the UK, said the company was 'working around the clock' to fix the problem. 'What we have seen in terms of infection is this is 0.2 per cent of Internet Explorer users,' he said. 'Obviously when you are talking about a customer base of over one billion people, any amount of vulnerability is too much and any type of infection is going to see a large number of people affected by it.'

This equates to more than two million infected machines - although Mr Curran said the flaw was primarily being exploited in China.

Microsoft said it had so far only found attacks against version 7 of Internet Explorer, the world's most popular web browser, but warned that other versions were 'potentially vulnerable'.

In a security update issued yesterday, the computer giant said: 'We are actively investigating the vulnerability that these attacks attempt to exploit.

'We will continue to monitor the threat environment and update this advisory if this situation changes.'

Microsoft may fix the problem in its regular monthly security update or issue an emergency software patch.PC Pro magazine's security editor, Darien Graham-Smith, said hackers were always on the look out for new ways to access penetrate computers.

'The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough.

'Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation,' he said.

According to the Microsoft warning, an attacker could host a specially crafted website that is designed to exploit the flaw through Internet Explorer and then convince a user to view the Web site.

The attacker could also take advantage of compromised websites and sites that accept or host user-provided content or advertisements.

These could contain specially crafted content that could exploit the flaw. In all cases, however, an attacker would have no way to force users to visit these websites.

Instead, the fraudster would have to convince users to visit the site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's site.

It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

The flaw requires that a user is logged on and reading e-mail messages or is visiting websites for any malicious action to occur.

Therefore, any systems where e-mail messages are read or where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.
Credits: DailyMail.


Comments

Popular posts from this blog

Charging Implanted Heart Pumps Wirelessly

Mechanical pumps to give failing hearts a boost were originally developed as temporary measures for patients awaiting a heart transplant. But as the technology has improved, these ventricular assist devices commonly operate in patients for years, including in former vice-president Dick Cheney, whose implant this month celebrates its one-year anniversary. Prolonged use, however, has its own problems. The power cord that protrudes through the patient's belly is cumbersome and prone to infection over time. Infections occur in close to 40 percent of patients, are the leading cause of rehospitalization, and can be fatal. Researchers at the University of Washington and the University of Pittsburgh Medical Center have tested a wireless power system for ventricular assist devices. They recently presented the work in Washington, D.C. at the American Society for Artificial Internal Organs annual meeting, where it received the Willem Kolff/Donald B. Olsen Award for most promising research in

Autism and Eye Contact: Genes very much are involved

We have now a lot of evidence on genetic components in many disorders including neurological in both adults and kids. Autism is one such problem that has many genes involved. Research is still in full swing to find more genes and related pathways. However, one can find autistic features more phenotypically before genotyping. Eye contact is one of them. Studies have shown that autistic kids make less eye contact. This has been shown to have genetic component now. New research has uncovered compelling evidence that genetics plays a major role in how children look at the world and whether they have a preference for gazing at people's eyes and faces or at objects. The discovery by researchers at Washington University School of Medicine in St. Louis and Emory University School of Medicine in Atlanta adds new detail to understanding the causes of autism spectrum disorder. The results show that the moment-to-moment movements of children's eyes as they seek visual information about the

How much people depend on weather reports

Meteorologists on television, radio, online, and in newspapers supply weather reports to the average person over 100 times a month. Surveys demonstrated that the 300 billion forecasts accessed generate a value of $285 per household every year, or $32 billion for the entire United States. Odds are you have already watched one weather forecast today and will probably check out a few more. Accurate, timely forecasts are vital to everyday life, but just how critical may surprise you. Whether at work or play, you probably watch the weather quite closely. Most of us are at the weather person's mercy to know what to wear, what to expect, to prepare for the worst. New research shows the average United States household checks out a weather report more than three times a day. "It impacts pretty much every part of every activity we are involved with for the most part," Jeff Lazo, the director of the Societal Impacts Program at the National Center for Atmospheric Research (NCAR) in B