Twitter Updates

    follow me on Twitter

    Wednesday, December 17, 2008

    IE security flaw

    More than two million computers worldwide have been infected because of a major security flaw in Microsoft's Internet Explorer web browser, the software giant has admitted.

     

    The problem, first revealed last week, allows criminals to hijack computers and steal passwords if the user visits an infected website. As many as 10,000 sites have already been compromised to take advantage of the flaw, according to anti-virus software producer Trend Micro.

     

    So far the websites, mostly based in China, have largely been used to obtain computer game passwords which can be sold on the black market. But there are grave fears that cyber criminals will exploit the "zero day" vulnerability - so-called because it has not been fixed yet - to steal people's bank details.

     

    Rik Ferguson, Trend Micro's senior security adviser in the UK, said the flaw was of "really high value to the cyber-crime community", adding: "The threat from it is only going to grow. Zero days are unusual - and zero days in the world's most popular browser on the world's most popular operating system are really unusual."

     

    John Curran, head of Microsoft's Windows commercial business group in the UK, said the company was "working around the clock" to fix the problem.

     

    He said: "What we have seen in terms of infection is this is 0.2% of Internet Explorer users. Obviously when you are talking about a customer base of over one billion people, any amount of vulnerability is too much and any type of infection is going to see a large number of people affected by it."

    This equates to more than two million infected machines - although Mr.Curran said the flaw was primarily being exploited in China.

     

    Computers can be infected by visiting a legitimate website that has been compromised with a small piece of code that invisibly redirects the browser to an infected site.

    Then a Trojan program is downloaded to the hard drive, allowing criminals to do everything from stealing passports to using the machine to send out spam e-mails.

     

    Some computer security experts are advising users to switch to another web browser until Microsoft fixes the problem.

    I wonder if this affects IE 8 beta 2. But I think no harm will befall upon us if we don’t visit those Chinese Websites, or click on suspicious attachments, links to free smileys etc. Read more here.

    Assembled and compiled by Abhinov at 11:18 AM
    Labels: , ,

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)