Computer Crime Research Center


Internet Explorer critical flaw

Date: March 24, 2006
Source: Washington Post

Security experts are warning that at least one set of instructions showing bad guys how to exploit an unpatched security hole in Microsoft's Internet Explorer Web browser has been posted online, and that malicious Web sites are likely to begin using the blueprints to install spyware and other unwanted junk on visitors' Windows computers.

Microsoft acknowledged the previously undisclosed flaw in a blog posting earlier this week, in which it urged users to practice "safe browsing practices" -- such as only visiting trusted Web sites. I'd like to offer my two cents, which is that Security Fix readers who use Windows should consider downloading and using a different browser, like Firefox, Netscape or Opera.

That advice is not to suggest that these browsers are free from security flaws. It's just that you're not anywhere near as likely to see attackers exploiting them to install software you don't want on your PC.

If you don't believe me, read the story I wrote last week about the scourge of keyloggers still being foisted upon IE users who haven't yet applied a patch that Microsoft made available in January. For nearly two weeks prior to that patch release, thousands of Web sites were either using the flaw on their own to install spyware, or were being hacked and seeded with exploit code to unwittingly infect visitors who came to the sites with vulnerable versions of IE.

In considering whether to use IE for regular Web browsing, I think it's important to keep in mind that exploits like these tend to be discovered by individuals in the hacker underground and used for a spell -- if not sold -- for profit-making ventures, such as the installation of adware and password-stealing programs like keystroke loggers, before they become public.
2006-03-24 07:21:42 - If you're using the new refresh of the IE7... Duke