Text 17216, 76 rader
Skriven 2006-04-04 16:49:00 av George Vandervort (1:382/8)
Ärende: New MS IE Exploit
=========================
Hello All!



=== Cut ===

MARCH 31, 2006 (IDG NEWS SERVICE) - Hackers have posted a new version of
malicious software that will make it easier for them to exploit an unpatched
vulnerability in Microsoft Corp.'s Internet Explorer browser. Based on a
critical bug disclosed on March 22, the software was posted by hackers Friday
to the Milw0rm.com Web site.

The code exploits a flaw in the way IE processes Web pages using the
createTextRange() method. Hackers have been using malware that takes advantage
of this vulnerability to install unauthorized software on victims' computers
over the past week, but this new generation is considered to be more dangerous,
according to security researchers.


Older versions of the malware could freeze victims' browsers for more than a
minute, giving them an opportunity to shut down their computers or stop the
malicious software before it could complete its work. But the new software
works more quickly, meaning it will be particularly effective on older machines
with limited memory and processing capabilities, said Craig Schmugar,
researcher with McAfee Avert Labs.


Though hackers had not widely adopted the new software as of Friday morning,
Schmugar said he expected that to change. "It's still pretty early," he said.
"I think it's reasonable to expect that people will shift."


The software also uses new techniques to avoid certain types of signatures used
by antivirus vendors, said Aviv Raff, a security researcher based in Israel.
"It's much more effective," he said. "I think people should know and understand
that ... now they are more vulnerable."


The fact that the code was released just before the weekend is also worrisome,
because it means that "administrators have to wait for Monday to apply their
protections and to give warning to users," said Juha-Matti Laurio, a security
researcher in Helsinki.


With a fix for the problem expected as late as April 11, the date of
Microsoft's next scheduled security update, security companies Determina Inc.
and eEye Digital Security Inc. issued unsupported patches for the problem.
According to eEye, there have been more than 70,000 downloads of its software
since its Monday release.


Microsoft does not recommend that users install these patches. Instead, it
recommends that users disable IE's Active Scripting feature as a work-around.


Despite the severity of the TextRange() bug, McAfee says that the malware that
takes advantage of it is not particularly widespread. This software at present
ranks number 13 in McAfee's list of the top 20 pieces of malware being
reported, Schmugar said

=== Cut ===


Regards,
George Vandervort
InterNet EMail: georgev@austin.rr.com
Tech Support: http://home.austin.rr.com/llr/tech.html

'Using yesterday's software to create tomorrow's problems today'

ARACHIBUTYROPHOBIA: The fear of peanut butter sticking to the roof of your
mouth.

... When your Computer has a Virus, Don't feed it Chicken soup!
--- FMail/Win32 1.60
 * Origin: Bill Gates does my Windows (FidoNet 1:382/8)