Internet Explorer Vulnerability Exploited Again - InformationWeek


Internet Explorer Vulnerability Exploited Again

Security experts say a Trojan horse directed traffic from popular Web sites to an IP address designated by the attacker.

Vulnerabilities in Microsoft's Internet Explorer Web browser have been exploited again, security experts said on Thursday, this time by a Trojan horse that redirected traffic from more than 100 popular Web sites to an IP address designated by the attacker.

The Trojan, dubbed Qhosts and Delude.B by various anti-virus vendors, redirected traffic on compromised machines from a large number of legitimate sites--primarily search engines, among them those found at AltaVista, Google, Lycos, MSN, and Yahoo. According to Computer Associates, requests to surf to those search sites were shunted instead to a Web site that was taken offline within 24 hours of the Trojan's appearance.

"This is another attempt by an attacker, probably the same attacker who wrote the original Delude Trojan earlier this month, to hijack Web sites and potentially profit from that redirection," said Ken Dunham, the director of malicious code for iDefense, a 5-year-old company that specializes in security intelligence and provides information to clients through partners such as British Telecom and Japan's Itochu Corp. "It's definitely another exploit of the vulnerabilities that still exist within Internet Explorer."

Qhosts is only the most recent exploit of Internet Explorer vulnerabilities. Starting last week, and continuing over the weekend, others commandeered AOL Instant Messenger accounts and downloaded code that forced users' computers to dial 900 numbers.

The flaw in Internet Explorer stems from a problem the browser has in correctly determining Object Types, and was thought to be patched by a fix that Microsoft released on Aug. 20. But that patch hasn't put a stop to attacks.

"Just by surfing the Web with Internet Explorer, attackers can install anything, at will, on your system and you won't even know it," said Dunham. By exploiting the vulnerabilities, "attackers can use any kind of HTML content to install a Trojan."

As of Thursday, Microsoft hasn't released an updated patch to close Internet Explorer's security holes. A Microsoft spokesman said the company "is investigating an exploit of a variation on a vulnerability originally patched in Microsoft Security Bulletin MS03-032. We will release a fix for this variation shortly."

Microsoft also recommended that users protect themselves against the newer exploits by changing Internet Explorer's security zone settings to prompt before running ActiveX controls. Although the original patch doesn't cover all the bases, the company advised users to install that fix nonetheless.

Most anti-virus vendors have released updated signature files that will trap Qhosts, and rated the vulnerability as moderate. Symantec Corp. ranked Qhosts as '2' on its 1-through-5 scale, while Network Associates labeled it as "low-profile."

Though Qhosts doesn't seem to be a particularly disruptive or damaging Trojan, and the destination site for its redirection was quickly shuttered, that could easily change, said Dunham.

"The possibilities are very large that a worm could come out of this exploit," he said, due to the tempting target that Internet Explorer makes and how easy it would be to wrap the exploit code into, say, a worm delivered by mass E-mail.

"An E-mail worm that takes advantage of this vulnerability could be devastating," Dunham said. While he doesn't have any direct evidence that a worm is imminent, Dunham did say that he's spotted code on hacker sites, including one based in Russia, indicating that attackers are working on such a worm.

Symantec, which released its six-month evaluation of vulnerabilities and threats on Wednesday, pointed to Internet Explorer as software that IT managers should monitor closely.

Users can protect Internet Explorer against attack, or at least mitigate those attacks, said Dunham, by following Microsoft's advice to disable ActiveX controls or prompt the user before running them. "But another idea is to use a non-vulnerable browser," such as Netscape Navigator, Mozilla, or Opera. The Internet Explorer vulnerability "will be a constant avenue of attack, so it's a good idea, and common sense, to have a multiple-browser setup, just in case," he said. "Enterprises could continue to use IE for trusted sites or internally, and another browser to reach external or questionable sites. It would be the best of both worlds."
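An added example, not from the article or from Microsoft: one way to audit the zone setting that Microsoft and Dunham recommend, by checking a registry export for zones where ActiveX controls run without a prompt. It assumes the setting is stored as URL action 1200 ("Run ActiveX controls and plug-ins") under `Internet Settings\Zones\<n>` with 0 = enable, 1 = prompt, 3 = disable; the export text is constructed sample data.

```python
import re

# Assumption: URL action 1200 = "Run ActiveX controls and plug-ins";
# policy values 0 = enable, 1 = prompt, 3 = disable.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}
POLICY = {0: "enable", 1: "prompt", 3: "disable"}
UNTRUSTED = (3, 4)  # zones that should prompt or disable

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"1200"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample export (already decoded to text; regedit writes UTF-16).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1200"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1200"=dword:00000003
"""

def read_activex_policy(reg_text):
    """Return {zone_id: dword value} for action 1200 in a .reg export."""
    zone, found = None, {}
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            zone = int(m.group(1)) if m else None  # leave zone scope on other keys
        elif zone is not None:
            m = VAL_RE.match(line)
            if m:
                found[zone] = int(m.group(1), 16)
    return found

def audit(reg_text):
    """List (zone name, state) for untrusted zones that neither prompt nor disable."""
    found = read_activex_policy(reg_text)
    findings = []
    for zone in UNTRUSTED:
        if zone not in found:
            findings.append((ZONES[zone], "not set in export"))
        elif found[zone] not in (1, 3):
            findings.append((ZONES[zone], POLICY.get(found[zone], hex(found[zone]))))
    return findings
```

On the sample, `audit(SAMPLE)` flags only the Internet zone; the Trusted sites zone is left alone, matching Dunham's suggestion to keep IE for trusted or internal sites.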

Machines already infected with the Qhosts Trojan can be cleaned using a variety of anti-virus packages, or cleansed manually by editing the Windows Registry. Instructions for the latter can be found on several security sites.
