Hackers Target IE6 and 7; MS Recommends Upgrade

by John Lister on 20101105 @ 10:27PM EST | google it | send to friends
Filed under Security | (related terms: internet explorer, browser, attack, microsoft, editions)

Microsoft has announced a temporary workaround for users of older editions of Internet Explorer (IE) vulnerable to a new bug. The situation yet again highlights the importance of upgrading to the more secure, recent editions (IE8 and IE9) of the browser.

The bug's dynamics are all-too-familiar: if a hacker persuades a user to visit a specially-crafted webpage, they'll be able to install and run malicious software on the user's computer. It's another zero day attack, meaning the problem is currently being exploited by hackers before Microsoft has a working fix.

Browser Check First, Virus Attack Second

What makes this attack different is that the hackers are deliberately targeting users of the most vulnerable editions of the Internet Explorer browser. The technique used in the attacks involves sending bogus emails with links to a web page that appears blank, only existing to check which browser the visitor was using.

If they're found to be running Internet Explorer 6 or 7, the page redirects users to a site housing the virus. If the user is running a later edition of Internet Explorer, or a rival browser, they'll simply see an empty page. (Source: symantec.com)

The good news is that the initial exploit appears to be fairly limited. Thus far, only one web page used in the attack has already been shut down -- but that doesn't mean it won't be re-appearing under a different domain name any time soon.

No Emergency Patch Planned

For those who insist on living dangerously by using outdated versions of Internet Explorer, Microsoft has detailed four possible tweaks to limit the problem through a downloadable, automated "Fix It" tool. Microsoft says it doesn't currently see any need to update the later editions of the browser through an out-of-band release, otherwise known as an emergency patch. (Source: technet.com)

The fixit patches are available here:

http://support.microsoft.com/kb/2458511

Built-in security measures in Internet Explorer and Windows will also limit how successful any attacks may be. Internet Explorer versions 8 and 9 have a feature called Data Execution Prevention (DEP) that should protect against the attack, while Vista and Windows 7 use a protection method that limits how much damage an attacker can inflict.

Stay Informed: Subscribe Free to Infopackets, Today! Get your daily fix of Microsoft Windows news, reviews, tech tips, plus free software (freeware) goodies daily -- all absolutely free -- delivered straight to your email inbox! Bonus: join our website today and you'll also receive our highly coveted Top 10 Tech Reports, including: Top 10 PC Security Essentials, Windows Optimization Secrets, Top Freeware Antivirus, MS Office alternatives and more. Don't delay: subscribe today! Click here for more info.

Infopackets Game of the Week

Secrets of the Dark: Eclipse Mountain Collector's Edition

Click here to read more.

Most Clicked Stories
(In the Past 15 Days)

Freebies

Subscription Center

Recommended Sites

DownloadMix.com: More Freeware + Shareware

About

Established in 2001 and read by over 250,000 users world-wide, infopackets features the latest in headline news based on MS Windows, Internet, and technology trends. Subscription to our website is free! Join our discussion list, today!