News
News
3/27/2006
02:49 PM
50%
50%

Microsoft Preps IE Flaw Fix; Sites Exploiting Bug Multiply

The software company is working on a fix for a flaw in Internet Explorer that security experts say is being used by a growing number of Web sites to install spyware on users' computers.

Microsoft Corp. on Monday said it was working on a fix for a flaw in Internet Explorer that security experts said was being used by a growing number of Web sites to install spyware on users' computers.

As of Monday, security firm Websense Inc. said the number of unique Web sites taking advantage of the vulnerability had remained at about 200 since Sunday, given that the number of sites taken down have been replaced with a roughly equal number of new sites. The overall number, however, were expected to grow over time.

An entry on the Microsoft Security Response Center blog said the company was seeing "only limited attacks." Nevertheless, Microsoft was working on a fix that would be ready at least by April 11, the next regularly scheduled patch day, if not sooner.

"The IE team has the update in process right now and if warranted we'll release that as soon as it's ready to protect customers," the posting said.

The vulnerability enables hackers to exploit active scripting in IE to install keystroke loggers and other malicious software. Active scripting is a Microsoft technology that allows different software components to interact over the Internet.

Dan Hubbard, senior director of security at Websense said he believed a "limited number" of people or groups were exploiting the flaw, since malicious code on the sites was similar. Others, however, were expected to follow.

"We do believe that additional attacks will occur with different payloads," Hubbard said in an email.

The flaw, which is in IE 5.01, 6.0, and the January version of IE 7 Beta 2 Preview, was serious enough to prompt security vendor Symantec Corp. to raise its "Internet Threat Meter" for Web activities to "medium risk."

Microsoft recommended that customers who believe their machines may have been infected should visit the company's Windows Live Safety Center to have their machines scanned and the malware removed.

Security experts, however, recommended that people visit sites they know are safe, or use another browser, such as Firefox from the Mozilla Corp.

The unpatched vulnerability was first disclosed last Wednesday, raising alarms from security companies even before the first Web site exploiting the flaw was found. The SANS Institute's Internet Storm Center, for example, lifted its InfoCON level to "yellow" for the first time since late December when another zero-day flaw hit Windows users.

The Windows Metafile bug spawned hundreds of sites that used the flaw to load spyware, including keystroke loggers and backdoor Trojans, onto users' PCs.

In the latest CreateTextRange bug, security experts believe hackers would most likely use spam to lure people to sites capable of installing malware.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.