Cybercriminals Exploiting Internet Explorer Bug

Internet Explorer browser of Microsoft is now facing fresh cyber attacks trying to exploit an unpatched flaw in the browser. According to reports, fake antivirus products are being used by criminals to open back doors on the PCs of victims.

Internet Explorer versions 6 and 7 have been found vulnerable to this latest attack. However, for the attack to work, user has to visit a website containing malware.

The software giant (Microsoft) had already warned about the vulnerability in early March 2010. It seems that the same bug was abused in the targeted attacks. According to security researchers, exploitation caused by the attacks is much wider. Security vendor AVG highlighted that 30,000 attacks per day could easily be noticed.

Roger Thompson, Chief Research Officer, AVG, stated that despite the fact that it's not regarded as a massive assault, it's regarded as an unpatched bug that is aggressively used, as per the news published by Latest Gadgets on March 24, 2010.

Thompson claimed that two of the cyber gangs have already began exploiting the vulnerability. One of the gangs uses it for the installation of fake antivirus software on the computers of victim, whereas the other gang exploits it for installing a variant of the Sinowal Trojan, reported ITBusinessEdge on March 24, 2010.

He also said that majority of assaults are being hosted on websites especially developed to host the assault code, not on the hijacked sites, reported ComputerWorldUK on March 24, 2010.

However merely 16,000 assaults were detected on March 22, 2010, but the problem may worsen in coming few days, anticipated Thompson. The bug is expected to be abused by more such cybercrime gangs in next couple of weeks.

Another antivirus vendor, Trend Micro, also agreed to the view that assaults are rising. The levels are surging all the world, stated Paul Ferguson, research at Trend Micro, reported ComputerWorldUK on March 24, 2008.

In wake of these attacks, security firms are pressurizing Microsoft to release a fix for the vulnerability before its scheduled updates release date of April 13, 2010.

Related article: Cheburgen.a: A New Email Worm

» SPAMfighter News - 4/2/2010