We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Hackers exploit IE flaw patched last week

Internet Explorer plug installs back door in PCs

Hackers have exploited a flaw in Internet Explorer that was patched two weeks ago, says Trend Micro.

In a blog posting, the security vendor Trend Micro said it had spotted the first attack taking advantage of one of two flaws patched in last week's security release. Microsoft has already warned that either of these vulnerabilities would be easy to exploit in online attacks.

See also: Microsoft Internet Explorer 8 review

Over the weekend, Trend Micro researchers spotted what appears to be a small-scale, targetted attack that exploits the flaw to install spy software, said Paul Ferguson, a researcher with the antivirus vendor. "It installs a back door that uploads stolen information on port 443 to another site in China," he said.

Microsoft was unable to comment on Trend Micro's report.

Although Ferguson does not know who wrote the attack code, he said that it looks similar to software that was sent to pro-Tibetan groups about a year ago, apparently for the purpose of intelligence gathering.

Both last year's attack and this latest malware are triggered when the user opens a malicious Word document. That document contains an ActiveX object that connects IE to a malicious website, which launches the attack and then installs the spy software.

The criminals don't need to use Word to exploit this flaw - the attack would work if the victim were simply tricked into visiting a malicious website - but this technique is consistent with past Tibet-focused attacks, Ferguson said.

Whether this will lead to more widespread Internet Explorer attacks is unclear, Ferguson said.

Verisign's iDefense group thinks that more attacks are likely. "Although this attack is limited in scope and will likely only be targeted to very few organisations, the availability of reliable exploit code will soon be discovered by others and these attacks will likely be widespread within a week's time," the company said.

"Right now, we don't see any real proof of an ongoing campaign here," Ferguson said. "But... it's very simple to mitigate this threat completely. You don't have to worry about antivirus protection: Just patch your machines."

See also: Microsoft puts $250k bounty on Conficker worm

IDG UK Sites

Android M Developer Preview announced at Google I/O: Android M UK release date and new features. Wh?......

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Mac OS X 10.11 release date rumours: all the new features expected in Yosemite successor