Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

March 27, 2006

Exploits rampant for latest Internet Explorer security flaw

Posted by David Hunter at 10:10 PM ET.

Over the weekend, there were reports of exploits appearing for the drive-by Internet Explorer security hole reported last week. Now they are cropping up in a lot of unexpected places. Brian Krebs at the Washington Post:

More than 200 Web sites — many of them belonging to legitimate businesses — have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft’s Internet Explorer Web browser to install hostile code on Windows computers when users merely visit the sites.

In an update to its Security Response Web log, Microsoft security program manager Stephen Toulouse said the attacks Redmond is seeing against the IE flaw “are limited in scope for now and are being carried out by malicious Web sites.”

I have to call Microsoft out on both counts, and I think some of what I’ve uncovered so far about these attacks should make it clear that the situation is serious and getting worse by the hour.

According to a list obtained by Security Fix, hackers have infected at least 200 sites, many of which you would not normally expect to associate with such attacks (i.e., porn and pirated-software vendors). Among the victims are a regional business council in Connecticut, a couple of vacation resorts in Florida, a travel-reservation site, an online business consultancy, an insurance company, and a site featuring things to do at various cities across the country.

Many more details by following the link including reports from victims. Steven J. Vaughan-Nichols asks, “Why Is Anyone Still Using Internet Explorer?” Even accounting for hyperbole, now might be a good time to try a different browser for a while.



Filed under Internet Explorer, Microsoft, Security

Related posts:

 

3 Responses to “Exploits rampant for latest Internet Explorer security flaw”

  1. The Agonist Says:

    Attacks on Unpatched IE Flaw Escalate

    More than 200 Web sites — many of them belonging to legitimate businesses — have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft’s Internet Explorer Web browser to install hostile code on Windo…

  2. Everyone is patching IE but Microsoft -- Microsoft News Tracker Says:

    [...] There’s a gaping drive-by Internet Explorer security exploit that cropped up without any prior warning and is now appearing all over the Web. Microsoft unhelpfully says don’t surf in any sleazy areas and we’ll have a patch next month on our regularly scheduled Patch Tuesday. Commentators note that with hacked web servers, exploits are appearing in the nicest neighborhoods and as a result, security companies are coming out with their own patches ([1], [2]) of which Microsoft disapproves. Nonetheless, Microsoft says they may well ship their own patch early if things look really, really serious. [...]

  3. Microsoft provides a big Patch Tuesday -- Microsoft News Tracker Says:

    [...] The 8 drive-by exploits included the one reported last month where hacked everyday web sites were being used as the shadowy “malicious web sites” Microsoft seems to be so fond of warning against. [...]

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email


Powered by FeedBlitz

Categories:

Full category list

Archives:

Archive List

RSS Feed:



HunterStrat Links:

Other:

  • Powered by WordPress.

Advertisements:


 

Related:


Misc: