Microsoft Patches IE, But Security Issues Remain

As usual, the bad guys are ahead in the tug-of-war over security.

December 17, 2008
By Richard Adhikari

Microsoft today released a patch for the latest Internet Explorer (IE) browser vulnerability that has been in the news since last week.

However, malware authors have already begun pushing out customized variants of the flaw that the Microsoft patch may not address.

The vulnerability, rooted in IE's XML parser, lets attackers execute code on their victims' PCs.

By Saturday, at least 6,000 Web sites had been infected, and the number is growing, though ascertaining the exact number is difficult. However, security experts say things will get much worse, even if users follow Microsoft's (NASDAQ: MSFT) advice to install the patch immediately.

Currently, attacks have only targeted IE 7, Christopher Budd, security response communications lead at Microsoft, said in a statement. They have not been successful against systems where the patch has been applied, according to Budd.

Microsoft is hosting two Webcasts to address customer questions about the security bulletin. The Webcasts were set for 1 p.m. PDT today and 11 a.m. PDT tomorrow in the U.S. and Canada. The Webcast will be available on demand after that.

According to researcher Rahul Mohandas on the McAfee (NYSE: MFE) Avert Labs blog, malware authors have already begun issuing customized versions of the IE exploit with various degrees of stealth.

In one of the most prominent techniques, the attacker e-mails victims a Microsoft Word document containing an embedded ActiveX control that is triggered when the document is opened. This exploit was listed as one of the SysAdmin, Audit, Network, Security (SANS) Institute's top 20 security risks in 2007.

Victims of the latest exploit are hit by drive-by injection attacks, where they go to a compromised Web site that automatically downloads malicious code onto their Web site.

Malware authors have come up with a new twist on this, Dave Marcus, security research and communications director at McAfee Labs, told InternetNews.com. They plant an IFrame onto a legitimate site and the IFrame redirects unsuspecting visitors to the site hosting the malicious code.

An IFrame is an HTML element that lets users embed an HTML document inside another HTML document. The CBS (NYSE: CBS) TV network site was hit by an IFrame attack on November 11 that saw visitors redirected to a server in Russia, according to security company Finjan's MCRC blog on November 27.
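
For site owners checking their own pages for the kind of planted IFrame described above, the following is an added example (not part of the original article) that lists IFrames whose source is on a host the site does not trust and marks the ones that are also hidden. The sample page, the host names and the `audit_iframes` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample page: a same-site frame, an injected hidden frame that
# points at a placeholder third-party host, and a visible partner frame.
SAMPLE_PAGE = """
<html><body>
<h1>Evening News</h1>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="http://malicious.example/in.html" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="http://video-partner.example/player" width="640" height="360"></iframe>
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class IframeAuditor(HTMLParser):
    """Collects IFrames that load content from hosts outside a trusted set."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host in self.trusted:
            return  # relative URL (same site) or an explicitly trusted host
        # Zero or one pixel dimensions and hiding styles keep the frame invisible.
        hidden = (a.get("width", "").strip() in ("0", "1")
                  or a.get("height", "").strip() in ("0", "1")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"src": a["src"], "host": host,
                              "hidden": hidden, "line": self.getpos()[0]})


def audit_iframes(html, site_host, allowed_hosts=()):
    """Return one finding per IFrame whose source host is not trusted."""
    auditor = IframeAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

A hidden frame on an untrusted host is the strongest signal; visible off-site frames are reported as well so that the allow list stays an explicit decision.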

"We've seen an awful lot of sites that have been compromised with the IFrame on them," Marcus said. "It's a very Web 2.0 way of spreading malware."




