Wednesday, December 17, 2008

Explorer Exiled

A 0day exploit is currently targeting a critical flaw in Microsoft's Internet Explorer.

If this is the first you're hearing of this flaw, check out the link below to hear Defintel's CEO, Chris Davis, explain the situation:

CTV News - Exploiting Explorer

Researchers estimate that more than 10,000 sites are compromised. While in-the-wild exploits are currently targeting IE 7 on Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista (including SP1) and Windows Server 2008, it's important to remember that all versions of Internet Explorer, from IE5 all the way to IE8 Beta 2, are affected.


If a user visits a compromised site, malicious JavaScript code is injected into the browser, and malware is downloaded onto the user's computer. The malware that gets installed will likely remain nearly invisible to the average user. The goal of the attacker is not to disrupt a user's online experience, but rather to remain inconspicuous for as long as possible. The malware gives the attacker complete access to the user's computer and allows him to track everything you type into your keyboard.

Visit your legitimate online banking site and enter your user information? Now he's got it.
Visit your favourite social networking site and chat with some friends? Now he's got that too.

Microsoft intends to release a critical patch today, the second patch in as many months to arrive on Exploit Wednesday instead of Patch Tuesday. Back in October, Microsoft was forced to release an out-of-band patch to mitigate the extremely critical flaw in several Windows operating systems.

In the meantime, users should use other browsers - Firefox, Chrome, Safari - whatever you like! Just not IE.

The general public is completely ill-equipped to deal with security events. Who knows how long it will be before the AV companies have signatures developed for this new exploit? And Microsoft surely isn't losing any market share over yet another security debacle.

Why do we still treat online security as though the Internet only encompasses six guys at Berkeley? Everyone is online, from 5-year-old girls to 95-year-old men - they can't all be expected to keep up to date with these vulnerabilities and exploits.

So, how do we help them?