
VIRUS ALERT: 'Zero Day' IE vulnerability exploited by porn websites. By John Stokdyk

28th Sep 2006

Concern is spreading in the online security community about a "zero day" vulnerability that was detected in Microsoft Internet Explorer last week.

A zero day threat exploits a previously unknown vulnerability - in this case a bit of code within Internet Explorer that handles graphics formatted with the Vector Mark-up Language (VML). VML is little used these days, but unknown hackers can deliberately misconfigure websites to cause the VML processor to crash and open a door for them to download malicious code to the affected PC.

"Zero day" means the exploit is out "in the wild" before any official patches have been released, explained security expert Stewart Twynham of Bawden Quinn.

The VML exploit has been identified on a number of pornographic websites that attempt to place spyware and key-loggers, such as Trojan.Vimalov, Twynham noted. "Although you'd have to visit the site in the first place, it is possible that the exploit could be crafted on to forums or blogs that allow the general public to make postings, but then fail to make certain basic security checks," he added.

Sensible precautions against this type of attack include avoiding suspicious/adult websites in the first place, and disabling JavaScript handling in Internet Explorer via the Security tab under the Tools-Options menu.

Further details about the VML vulnerability are provided in Microsoft Security Bulletin MS06-055, which explains that it may be possible for hackers to propagate their code by getting people to click email or instant message links that take them to the suspect website.

People who set their email clients to read messages in plain text are at less risk from this vulnerability when using the Outlook or Outlook Express preview panes. Microsoft also recommends applying its Enhanced Security Configuration for Internet Explorer, which automatically applies the High security setting in IE's Tools option. This will disable scripts, ActiveX controls, Microsoft Java Virtual Machine (MSJVM), and file downloads.

But Twynham is slightly concerned about the information provided by Microsoft, which encourages users to follow its recommended PC protection regime of enabling firewalls, applying software updates and installing anti-virus software.

"In the case of this flaw, the above will not suffice in protecting PCs against this attack," Twynham warned. Patches for IE 5 and 6, plus Windows XP Service Pack 2 and Windows Server 2003, are all available from Microsoft's update website and are detailed in MS06-055.
