If you’re using Internet Explorer on a system running Microsoft XP or Windows Server 200, Microsoft warns there is a serious security flaw. The flaw allows hackers to take control of your computer, according to a report in USA Today. All you have to do is visit a web site infected with a tiny bit of code that taps into the security hole.
And the bad news: there is apparently little Microsoft can do about the potential threat. As of this report, there is no fix available for the security threat.
Dean Turner, director of Symantec Security Response, says a cybercriminal group has corrupted an estimated several hundred legitimate Web pages with such infections since July 1. The criminals most likely are sending out e-mail spam to trick victims into clicking to the corrupted pages.
Symantec researchers caught part of the malicious code moving across the Internet in a computer, called a honey pot, set up to receive infections. But they have not captured any samples of the e-mail trickery.
“This is not that uncommon,” Turner said. “But this kind of exploit in the wild, with no security patch yet available, has the potential to affect hundreds of thousands of people.”
A flurry of similar attacks on Internet Explorer took place in 2007 and 2008, but they have slowed. Attackers in 2008 began to gravitate to security holes in popular applications, such as Microsoft Word.
The so-called zero-day vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.
Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s website, while the company works on a “patch” — or software fix — for the problem.
Once the attacker gains access to a PC, the machine most often is used in a network of other compromised PCs, called bots, to spread spam and steal data. Bots are also widely used to spread promotions for fake anti-spyware subscriptions and to hijack cash from online banking accounts.
A Microsoft advisory says the company is working on a patch, which will be distributed “when it has reached an appropriate level of quality for broad distribution.”
Michael T says
I agree. Keep this crap off the SciFi feeds.
The only SciFi related part of this is calling this useful.