We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Internet Explorer under attack even if not in use

A new kind of threat, but not necessarily serious

With the number of non-Internet Explorer browsers expanding rapidly, a new spyware attack has surfaced that uses Java to infect IE even when the browser isn't being used at the time.

The result, says a researcher, is that even users of browsers such as Mozilla, Firefox and Avant can find their Windows operating system and IE browser infested with malicious code. While limited in its effectiveness, security experts say the attack is significant because it represents a shift away from the use of browser-specific technology as an attack vector.

Previous attacks have often used technology such as ActiveX which can only interact with IE; many users have switched away from IE specifically to get away from such technologies.

News of the attack first surfaced on a web forum and was later investigated by Christopher Boyd of Vitalsecurity.org, a UK-based security news site. When users visit an infected site, they are asked to install a Java applet distributed by "Integrated Search Technologies".

If the user agrees, a .jar file is downloaded, which proceeds to download and install a number of adware applications, according to Boyd. IE then automatically opens, displaying advertisements and embedded advertising tools. The attack works regardless of IE's security settings, Boyd said. The installed adware includes DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind and Avenue Media, he said.

Several factors limit the seriousness of this particular attack. It only works with Sun Microsystems's Java Runtime Environment, not that made by Microsoft. The Java dialogue box warns that the applet's security certificate was issued by a company that is "not trusted", and that the certificate "has expired or is not yet valid".

However, such warnings will not necessarily keep users from installing the applet, particularly if it appears on an innocuous site, Boyd said. The applet turned up on a site distributing Neil Diamond lyrics.

The installer works on Firefox, Mozilla, Netscape and Avant, but was blocked on NetCaptor and Opera, Boyd said. "Only two out of six had the good sense to steer clear of even asking the user if they wanted to install the applet," Boyd wrote on Vitalsecurity.org.

Not everyone agrees the attack is any cause for concern. Mike Healan, of antispyware site SpywareInfo, said Java attacks are nothing to worry about because applets always generate a warning before installing code that runs outside the Runtime Environment's "sandbox", its security-protected area. "Personally, I don't see this installer as a problem. It can't do anything unless the user ignores a very stern security warning," he said in a comment on the site.


IDG UK Sites

Windows 10 release date, price, features. The next version of Windows will run on everything:....

IDG UK Sites

Windows 9 and the death of the OS as a must-have product

IDG UK Sites

Video trends: 4K is here โ€“ HDR video, VR and 3D audio is coming

IDG UK Sites

How Windows 10 is even more like Mac OS X, and not just because it's another OS Ten