New IE Flaw Exploited in Russia

Vulnerability has been recently discovered in Internet Explorer that is being used by hackers to install spyware on computers that visit many pornography sites of Russia.

Researchers at Sunbelt Software Inc. first reported of malware on Russian porn site on September 2006. Since then, the attack occurred on about six other Russian porn sites. Security researchers also say that the "Web Attacker" code was used by nearly 1,000 websites, which indicates that this exploit would not take long to become widespread.
According to director, rapid response team, VeriSign's iDefense, Ken Dunham, fully patched IE browsers are still vincible. This new "zero-day" flaw is easy to exploit and has a lot of potential to spread Web-based attacks in future.

The attacker uses the vulnerability to construct a malicious web page that can lead to disclosure of a user's information when he visits the website or opens a malicious e-mail.

Web Security Company, Websense believes that the number of attacks may rise fast. The 'Web Attacker' tool often used to design attack sites appears to have been fitted with the new exploit, said Websense. To support this, it has been found that many previously known 'Web Attacker' sites are presently exploiting this vulnerability to download malicious software. It is, therefore, quite possible that several other 'Web Attacker' sites (about thousands of them) make use of the exploit, as they update with the latest version of the tool kit.

The flaw resides in a Windows item called "vgx.dll". This item is designed to support "Vector Markup Language" documents in the operating system.

Microsoft has not yet released a patch for the IE flaw that has made way for the Russian attack and would affect every next user of the Web browser. Meanwhile, Microsoft has advised its users to set up highest security on their browsers.

In the recent weeks, this is the second un-patched flaw discovered in Microsoft's IE . Last week, it announced a flaw in an ActiveX control linked to multimedia. Microsoft has posted the "Attack" code used to hack Windows PCs with IE 5 or IE 6 versions on the Internet. Another flaw in Word 2000 needs to be provided with a patch.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 03-10-2006

 

All SPAMfighter products offer a free trial!

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now

Full disk or slow disk?
Disk space recovery
and disk optimization. Try FULL-DISKfighter free


Spam Filter for Exchange Server

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove spyware

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software

Antivirus software for your Windows PC - Free 30 days trial

<<<  >>> 

Compatible with Windows 7

Works with Windows Vista

SPAMfighter is

Microsoft Gold Certified Partner

Intel Software Partner