Researchers have spotted a first exploit for an 'extremely critical' vulnerability in Microsoft's Internet Explorer.
Visitors to an infected website will automatically be hit with a new variant of the Spybot worm.
The malware opens a backdoor on the system and attempts to lower the security settings, effectively turning infected systems into zombie computers.
Security firm Secunia notified Microsoft about the threat on 13 February and issued an advisory.
Of the major antivirus vendors, McAfee said that had updated its signature files to detect and remove the new Spybot variant. Symantec had not listed the worm at press time.
Trend Micro told vnunet.com that it is working on an update and will release a signature later on Friday afternoon (Pacific Time).
Monty Ijzerman, manager of security at McAfee, told vnunet.com that he expects Microsoft to release a patch soon. "Microsoft has had some time to research this issue," he said.
The vulnerability is caused by an error in the way that the browser processes the 'createTextRange' method call on a radio button. Users can prevent infection by disabling Active Scripting in their browser settings (instructions can be found here).
Microsoft confirmed the bug on Wednesday in a blog posting and issued a security advisory on Thursday. At the time of the publication of the advisory, Microsoft stated that it was not aware of attacks using the vulnerability.
The detection of the worm caused the SANS Internet Storm Center to raise its Infocon threat level to yellow, representing the second step on a four-step scale.
This indicates that researchers are tracking a significant new threat but that its impact is unknown. Users are advised to take immediate action.
The way that the flaw can be exploited is similar to the Windows .wmf vulnerability that emerged in January. Attackers posted infected images on websites that allowed the execution of arbitrary code on Windows systems.
Ijzerman believes that the 'createTextRange' vulnerability will be harder to exploit. "The .wmf vulnerability was a feature in the Windows code that worked on any version of the Windows operating system," he said.
"With the 'createTextRange' all versions are vulnerable, but exploits will not work on all versions of the operating system."
Although exploitation requires advanced programming skills, Ijzerman expects that knowledgeable worm authors will be able to create a universal exploit that first determines the operating system's version and then deploys a specific exploit.
Post your comment
Send an email to the Computing editor at feedback@computing.co.uk
del.icio.us
digg this
reddit!
Onboard web service due to arrive in 2007 is behind schedule 21 Aug 2008
The British Computer Society will conduct an independent review of NHS IT policy 21 Aug 2008
Better public sector data sharing would provide all the necessary information, says think tank 21 Aug 2008
More news
Privacy fears over directive that will allow organisations to view emails, texts and web use 21 Aug 2008
Firms recognise need for IT – but staff must keep skills up to date 20 Aug 2008
Transport for London cuts its ties with the TranSys consortium and begins plans for its replacement 21 Aug 2008 More in depth
Advertising Marketplace
- Enterprise Accounting Solutions
- Business Intelligence Solutions
- Enterprise Content Management (ECM)
- Supply Chain Management
- Enterprise Resource Planning (ERP)
- Project Management Solutions
- Customer Relationship Management (CRM)
- Security Solutions
- Systems Management
- Networking and Communications Solutions
Featured jobs
More job opportunities