News.com Mobile
for PDA or phone

CNET tech sites: Product reviews | Shop | Tech news | Downloads | Site map

Corrections Blogs Extra Readers' Choice My News

Front Door Business Tech Cutting Edge Access Threats Media 2.0 Markets Digital Life

Trojan horse rides on unpatched IE flaw

By Joris Evers
Staff Writer, CNET News.com

Published: November 30, 2005, 12:16 PM PST

TalkBack

E-mail

TrackBack

Attackers are taking advantage of an unpatched vulnerability in Internet Explorer to target users of the ubiquitous Web browser, Microsoft warned late Tuesday.

Malicious software that exploits the security flaw to download a Trojan horse to vulnerable computers has been found on the Internet, according to Microsoft. Detection and removal capabilities for the "TrojanDownloader:Win32/Delf.DH" have been added to Microsoft's recently launched online security-scanning tool.

"Customers can visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove this malicious software and future variants," Microsoft said in its updated security advisory on the issue.

The security bug, exploited by the Trojan downloader, was originally reported in May. The bug was thought to only allow for a denial-of-service attack, which would cause IE to close. However, experts last week raised an alarm on the issue because it was discovered that it could be used to remotely run code on a vulnerable computer.

In other news:

Microsoft has yet to provide a fix for the vulnerability, but is working on a patch, according to the security advisory. Security-monitoring company Secunia deems the problem "extremely critical," its rarely given highest rating.

The vulnerability puts computers running Windows 98, Windows Millennium Edition, Windows 2000 and Windows XP at risk. An attacker could gain complete control of vulnerable systems by hosting malicious code on a Web site. Once an IE user visits the site, the malicious program would run without any user interaction.

Microsoft offers several workarounds to deflect attacks. These include changing IE settings to disable active scripting or prompt the user before running such scripts.

TalkBack

E-mail

TrackBack

TalkBack

Well then-- ACK

Artis Murphy Dec 2, 2005, 6:02 AM PST

Hey!

Eskie Eskie Dec 1, 2005, 10:51 PM PST

Owned.

Josh Smith Dec 1, 2005, 8:54 AM PST

Considering

Drew Howarton Nov 30, 2005, 1:00 PM PST

Did you know?

Select a tab below to set your default view.

The big picture Related stories What's hot Latest headlines

Resource center from News.com sponsors

Concerned About Computer Security?

Education is the best defense

Computer security threats are part of daily life. But today's malware techniques present unprecedented challenges for businesses of all sizes. Learn how to protect yourself.

Learn from the experts>>

Top picks from News.com readers

Readers who read Trojan horse rides on unpatched IE flaw also read...

Attack code released for IE hole

More Info

Markets

Market news, charts, SEC filings, and more

Daily spotlight

Previous Next

Video: A video slam-dunk

Here's a look at the tech behind those TV and online highlights of pro basketball games, in a narrated video produced by the NBA and Silicon Graphics Inc.

Photos: Gizmos made in Japan

Japan is still a leader in product design and innovation. Here are some new and notable gadgets.

Video: "The power to organize" online

Meetup.com founder and CEO Scott Heiferman says Meetup is spreading beyond America. The service, Heiferman says, is helping "make the world a friendlier place."