December 16, 2008 2:33 AM
posted by chuckdarwin (116 comments total)
BBC: Users of the world's most common web browser (good old IE!) have been advised to switch to a rival until a serious security flaw has been fixed. Microsoft Security Advisory 961051.
Microsoft Corp. has tipped off its users of a “huge increase” in hacking attacks exploiting a critical unpatched vulnerability in some versions of its flagship web-browser Internet Explorer (IE), and notified that some of these attacks have originated from hacked porn websites.
In addition to IE7, other versions like IE 5 and IE 6 have also been found to be vulnerable to the flaw, which on proper exploitation could enable a hacker to seize complete control over a victim’s computer, the company added.
The flaw essentially originates from the improper handling of DHTML data bindings due to a memory corruption error. Though the hackers have been exploiting the vulnerability for more than a week, the company notified an upswing in attacks over the weekend.
Researchers Tareq Saade and Ziv Mador in one of their postings on Malware Protection Center blog said, “Based on our stats, since the vulnerability has gone public, roughly 0.2 percent of users worldwide may have been exposed to websites containing exploits of this latest vulnerability”.
The researchers purported that the hackers have now changed their methodology of attacks, as instead of using malicious websites for attacks, they are now using compromised legitimate websites to trick the users.
Incidentally Trend Micro Inc has estimated that around 6,000 websites have been infected so far to exploit the vulnerability, with the count “quickly increasing in number”.