http://www.gcn.com/online/vol1_no1/47747-1.html By Jabulani Leffall GCN.com 12/16/08 A zero-day flaw in Internet Explorer 7 reported last week has sparked increased hacker activity, and now the attacks involve most versions of Microsoft's Internet browser. Still, Microsoft does not plan to issue a fix for the exploit until sometime next year. The attack code originated on Chinese servers and initially only affected IE7, but it emerged that IE5.01, IE6, IE7 and IE8 Beta 2, have also been exploited. On Monday, Redmond continued to investigate what it called "huge increases" in attacks exploiting the "critical" vulnerability in Internet Explorer. A blog post on Saturday explained that some of the attacks originated from compromised porn sites. Microsoft is stressing that avoiding questionable Web destinations may not be an adequate defense in itself. "This class of attack, along with other more classical forms of website intrusion, mean[s] that even trusted sites can end up serving malicious content, causing you[r computer] to get infected. Other researchers confirmed that attacks were increasingly coming from compromised Web sites," the blog said. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Tue Dec 16 2008 - 22:15:28 PST
This archive was generated by hypermail 2.2.0 : Tue Dec 16 2008 - 22:22:38 PST