11/30/2005

Trojan horse rides on unpatched IE flaw

Filed under: — By Aviran Mordo @ 5:16 pm

Attackers are taking advantage of an unpatched vulnerability in Internet Explorer to target users of the ubiquitous Web browser, Microsoft warned late Tuesday.

Malicious software that exploits the security flaw to download a Trojan horse to vulnerable computers has been found on the Internet, according to Microsoft. Detection and removal capabilities for the “TrojanDownloader:Win32/Delf.DH” have been added to Microsoft’s recently launched online security-scanning tool.

The security bug, exploited by the Trojan downloader, was originally reported in May. The bug was thought to only allow for a denial-of-service attack, which would cause IE to close. However, experts last week raised an alarm on the issue because it was discovered that it could be used to remotely run code on a vulnerable computer.

Microsoft has yet to provide a fix for the vulnerability, but is working on a patch, according to the security advisory. Security-monitoring company Secunia deems the problem “extremely critical,” its rarely given highest rating.

Source: News.com

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress