Wednesday, December 17, 2008

IE Browser flaw could get your PC hijacked

San Francisco: Users of all current versions of Microsoft Corp’s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed.

The flaw lets criminals commandeer victims’ machines merely by tricking them into visiting websites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.

The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be “adopted by more financially motivated criminals for more serious mayhem — that’s a big fear right now”, Paul Ferguson, a Trend Micro security researcher, said.

“Zero-day” vulnerabilities like this are security holes that haven’t been repaired by the software makers. They’re a gold mine for criminals because users have few ways to fight off attacks. The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world’s computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable. AP ‘About 90% of all email is spam’

Armies of hijacked computers are flooding the world with spam as hackers devise slicker ways to take over unwitting people’s machines, according to a Cisco report. Virus-infected computers are woven into “botnets” used to attack more machines and to send specious sales pitches to email addresses in low-cost quests to bilk readers out of cash. Junk email referred to as spam accounts for nearly 200 billion messages daily, 90% of email worldwide, according to Cisco, a US communications firm.

No comments: