Internet Explorer security alert: Microsoft says all users at risk
Users of Internet Explorer, the world's most popular web browser, are at risk of having their computers hijacked because of a security flaw.
The flaw allows criminal gangs to take control of people's computers and steal their personal information when they visit websites that have been corrupted by malicious hackers.
It is believed that as many 10,000 sites have been compromised since last week.
Microsoft said that it had detected attacks on machines using Internet Explorer 7, the most widely-used version of the browser, but that other versions are "potentially vulnerable".
"We are actively investigating the vulnerability that these attacks attempt to exploit," the firm, which also makes the Windows operating system, said in a security statement.
"We will continue to monitor the threat environment and update this advisory if this situation changes."
By last Saturday about 0.2 per cent of Internet Explorer users had already visited one of the websites designed to exploit the flaw, according a statement on the technology giant's Malware Protection blog. The flaw was first exploited last week but there has been a sharp increase in attacks in the last few days.
Given that three-quarters of people on the web use Internet Explorer, millions of people could already have been targeted.
Microsoft has published a list of technical changes that it say should protect against the threat until it can release a software update to close the loophole, although the instructions would be incomprehensible to most casual surfers.
It has also advised users to enable their firewalls and install anti-virus and anti-spyware software, but web security experts say the best guarantee of safety is to use an alternative browser such as Firefox, Safari or Opera, which can all be downloaded for free.
The websites corrupted by the hackers are mostly Chinese, and have been programmed to steal passwords for computer games which can be sold for money on the black market.
But the Internet Explorer security flaw could also be exploited by criminals seeking to steal people's bank details, private data and identities. "That's a big fear right now," said Paul Ferguson of Trend Micro security researcher, warning of "mayhem" if fraudsters succeed.
Graham Cluley, a virus expert at internet security firm Sophos, said that the “staggering” number of people could be affected by the attacks. While many of the compromised sites are pornographic, many are legitimate, mainstream web pages.
“Problems like this are found all the time but Microsoft always has a fix. What’s new about this situation is that there is no fix.
“This is a really critical and serious problem. People should make sure their anti-virus software up to date, and remember to install Microsoft’s security patch when it is released.”
But he added that switching browsers may be an over-reaction. “It’s certainly a fix and gets around this problem, but Firefox, Google Chrome and other browsers all have their own security issues.”
For me, only slightly annoying in the sense that at work I use Web based outlook and its performance in Firefox is rubbish - the screen is completely useless. With IE it's set up brilliantly, but I've no idea how to make it look like that in Firefox! Other than that I tend to use firefox for most things, but I guess whatever you use you're probably not 100% safe. Be careful kids!!
7 comments by 2 or more people[Skip to the latest comment]
I couldn’t give a toss.
16 Dec 2008, 18:08
What I mean is, it’s my works party tonight and I’m not going to let such trivialities worry me, not that I would anyway, it’s just not worth it.
16 Dec 2008, 18:12
Just out of interest, why don’t you install the Outlook Client to connect to Exchange? Far easier than using OWA.
You won’t be able to get OWA to look nice in Firefox – OWA, Exchange, IE all MS products, hardly surprising it works best in their browser.
17 Dec 2008, 11:53
A fix is apparently 5 hours away at time of writing. http://news.bbc.co.uk/1/hi/technology/7787445.stm
17 Dec 2008, 13:03
17 Dec 2008, 15:58
“Guys, would recommend to use firefox. its virus free.”
17 Dec 2008, 16:02
mmmmmm virus free
“Meanwhile Mozilla has released a scheduled update for its open source Firefox web browsers for at least 10 different vulnerabilities.
The bugs in the browser could have been “used to run attacker code and install software, requiring no user interaction beyond normal browsing,” said Mozilla. “
18 Dec 2008, 13:08
Add a commentYou are not allowed to comment on this entry as it has restricted commenting permissions.