Microsoft Releases Internet Explorer Fixes - InformationWeek

Microsoft Releases Internet Explorer Fixes

The "configuration change" closes a loophole that had allowed hackers to convert popular Web sites into virus transmitters.

Microsoft on Friday released a "configuration change" designed to protect Internet Explorer users from what's known as the "Download.Ject" or "Scob" attack.

The security stopgap aims to thwart a two-pronged attack that surfaced on June 24. The first portion of the attack targeted Windows 2000 Servers running Internet Information Services 5.0 that hadn't been patched with the Microsoft Security Bulletin MS04-011 released in April. The attackers planted malicious code on those servers, designed to infect the PCs of Web surfers who visited the sites they hosted.

Web surfers who visited infected Web sites then were attacked through several vulnerabilities within Internet Explorer. At that time there was no fix or patch available for one of the flaws, commonly known as ADODB, for which Microsoft issued the fix Friday.

The attackers used that vulnerability to insert Web-site objects that had malicious JavaScript code attached to them. The JavaScript then, in the background, contacted another Web site that inserted malicious software on the Web surfer's system.

Security experts were unclear about the motive behind the attack. Some said it was traced to a Russian Web IP address of known spammers; others said it was designed to steal consumers' financial information.

The Russian IP address that infected Web surfers' systems was quickly shut down, Microsoft said. However, security experts were quick to warn that the same attackers, or copycats, could quickly try the same attack ploy or some variation.

Microsoft also released a fix, or configuration change, for Windows XP, Windows Server 2003, and Windows 2000 operating systems that protects against the unpatched ADODB vulnerability. The configuration change is available on Microsoft's Download Center and will soon be available through Windows Update. Microsoft also promises to release a series of security updates for Internet Explorer.

These fixes are urgent. Days after the June 24 attack, the SANS Institute Internet Storm Center reported that an attack aimed at pop-up ads had surfaced on the Internet, also designed to infect Web surfers using Internet Explorer. The pop-up ads inserted spyware on users' systems that was designed to capture logon information for dozens of financial organizations worldwide, says Marcus Sachs, director of the SANS Internet Storm Center.

The targeted financial institutions include Citibank, Barclays, and Deutsche Bank.

The spyware code was designed to capture user logon information as it was typed but before the user name and pass codes were encrypted to be transmitted across the Internet, Sachs says.

Sachs says in this attack, the user information was sent to a Web site in San Diego that was quickly shut down Wednesday after SANS contacted the FBI about the attack.

To make matters worse, Danish security firm Secunia on Friday issued a security alert it dubbed "moderately critical" that affects virtually every Web browser.

According to Secunia's advisory, the browser vulnerability makes it possible for a remote attacker to conduct a spoofing attack on Web surfers. This type of attack makes it possible to insert potentially malicious content within a browser window opened by a trusted site. The flaw affects Internet Explorer 5.x for the Mac, Konqueror 2.x, Netscape 6.x and 7.x, Safari 1.x, as well as multiple versions of Mozilla and Opera. Secunia's advisory is available here.

Microsoft has published information designed to help users protect themselves while surfing the Internet: The configuration change is, or will soon be, available here.

More information about the Scob attack is available here. And general information about computer security and safety from Microsoft is available here.
