Tuesday, September 19, 2006

Newly Detected IE Exploit Spells Massive Spyware Trouble

Brian Krebs writes on Security Fix:

A previously undocumented flaw in Microsoft's Internet Explorer Web browser is reportedly being exploited by online criminals to install an entire kitchen sink of malicious software on any computer that visits any of a handful of sites currently exploiting the vulnerability.

Researchers at Sunbelt Software discovered the exploit last week while conducting some routine online surveillance of known crimeware gangs. According to Sunbelt researcher Eric Sites, the exploits at the moment appear to be hosted mainly on hardcore porn sites. But if past experience with new IE exploits holds true, we may soon see this exploit being sewn into the fabric of legitimate, but poorly programmed, business Web sites that hackers can manipulate to their advantage.

According to Sites, among the nasty pieces of software an IE user can expect to be whacked with upon visiting one of the sites is the BigBlue keystroke logger, which monitors and captures data from computers including screenshots, keystrokes, web cam and microphone data; it also records instant messaging chat sessions, e-mail information and the Web sites visited by the user.

More here.

0 Comments:

Post a Comment

<< Home