Attackers target unpatched IE bug

Zero day attack hits the web

Tom Sanders in California, vnunet.com 24 Mar 2006

Researchers have spotted a first exploit for an 'extremely critical' vulnerability in Microsoft's Internet Explorer.

Visitors to an infected website will automatically be hit with a new variant of the Spybot worm. 

The malware opens a backdoor on the system and attempts to lower the security settings, effectively turning infected systems into zombie computers.

Security firm Secunia notified Microsoft about the threat on 13 February and issued an advisory.

Of the major antivirus vendors, McAfee said that it had updated its signature files to detect and remove the new Spybot variant. Symantec had not listed the worm at press time.

Trend Micro told vnunet.com that it is working on an update and will release a signature later on Friday afternoon (Pacific Time). 

Monty Ijzerman, manager of security at McAfee, told vnunet.com that he expects Microsoft to release a patch soon. "Microsoft has had some time to research this issue," he said.

The vulnerability is caused by an error in the way that the browser processes the 'createTextRange' method call on a radio button. Users can prevent infection by disabling Active Scripting in their browser settings (instructions can be found here). 

Microsoft confirmed the bug on Wednesday in a blog posting and issued a security advisory on Thursday. At the time of the publication of the advisory, Microsoft stated that it was not aware of attacks using the vulnerability. 

The detection of the worm caused the SANS Internet Storm Center to raise its Infocon threat level to yellow, representing the second step on a four-step scale. 

This indicates that researchers are tracking a significant new threat but that its impact is unknown. Users are advised to take immediate action.

The way that the flaw can be exploited is similar to the Windows .wmf vulnerability that emerged in January. Attackers posted infected images on websites that allowed the execution of arbitrary code on Windows systems.

Ijzerman believes that the 'createTextRange' vulnerability will be harder to exploit. "The .wmf vulnerability was a feature in the Windows code that worked on any version of the Windows operating system," he said.

"With the 'createTextRange' all versions are vulnerable, but exploits will not work on all versions of the operating system."

Although exploitation requires advanced programming skills, Ijzerman expects that knowledgeable worm authors will be able to create a universal exploit that first determines the operating system's version and then deploys a specific exploit.
