Another way has been found for Internet Exploder versions 6 or 7 to be compromised. It was first posted by a hacker, and later confirmed by Symantec (good to know they’re working together on this!) to be a way to install rogue software on the user’s machine.
The story comes from NetworkWorld, and apparently has no effect on Internet Exploder 8.
A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft’s Internet Explorer browser.
The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim’s computer.
“Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7,” the company wrote on its Web site Saturday. “We expect that a fully-functional reliable exploit will be available in the near future.”
Strange how this works. It’s almost like the old salesman’s trick of prediction and proof.
Security consultancy Vupen Security has also confirmed that the attack works, saying it worked on a Windows XP Service Pack 3 system running IE 6 or IE7. Neither company was able to confirm that the attack worked on Microsoft’s latest browser, IE 8.
Symantec did not report that the attack is being used by cyber-criminals, but because Internet Explorer is so popular, this type of code is highly coveted by hackers. If the software does pop up in online attacks, it will put pressure on Microsoft to rush out an emergency patch, ahead of its regularly scheduled Dec. 8 security update. Microsoft could not be reached Saturday for a comment on the issue.
Together, IE 6 and IE 7 command close to 40 percent of the browser market.
That is just sad.
Or use another browser. When the fix is so simple, why make it hard? Opera, Firefox, Chrome…the choices are certainly there.
Internet Explorer large market share.
The solution is clear.