Trojan horse rides on unpatched IE flaw

Attackers are taking advantage of an unpatched vulnerability in Internet Explorer to target users of the ubiquitous Web browser, Microsoft warned late Tuesday.

Malicious software that exploits the security flaw to download a Trojan horse to vulnerable computers has been found on the Internet, according to Microsoft. Detection and removal capabilities for the "TrojanDownloader:Win32/Delf.DH" have been added to Microsoft's recently launched online security-scanning tool.

"Customers can visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove this malicious software and future variants," Microsoft said in its updated security advisory on the issue.

The security bug, exploited by the Trojan downloader, was originally reported in May. The bug was thought to only allow for a denial-of-service attack, which would cause IE to close. However, experts last week raised an alarm on the issue because it was discovered that it could be used to remotely run code on a vulnerable computer.

Microsoft has yet to provide a fix for the vulnerability, but is working on a patch, according to the security advisory. Security-monitoring company Secunia deems the problem "extremely critical," its rarely given highest rating.

The vulnerability puts computers running Windows 98, Windows Millennium Edition, Windows 2000 and Windows XP at risk. An attacker could gain complete control of vulnerable systems by hosting malicious code on a Web site. Once an IE user visits the site, the malicious program would run without any user interaction.

Microsoft offers several workarounds to deflect attacks. These include changing IE settings to disable active scripting or prompt the user before running such scripts.

[Hobo453567]

Considering

Considering the fact that everyone jumps on Sony when they screw up I am surprised there were no comments here. MS has never released a finished product and yet it seems as though people have accepted that and are okay with it. Why do people jump all over anyone but MS when they screw up? Is it because MS usually tells people they screwed up? I am just tired of people immediately jumping on other companies but being "okay" with what MS does.

[Techie2010]

Owned.

More of a reason to use Firefox. Microsoft needs to get its ass in gear or they're gonna fall behind.

[Eskiegirl302]

Hey!

I just switched to FireFox a couple days ago. It has tons of extensions, and I am still reading the site. So far I like it ok. Used IE for years. Never tried Opera, for the reason he said. Not gonna pay for it. I got my google bar that is what I most care about, and the dude who invented FireFox just went to work at google. That's cool, cause soon Google is coming out with its own antivirus. I love it. Go guys Go!

[murophelia]

Well then-- ACK

So my computer has been compromised and completely hijacked since 12 November. And it sucks. Can anyone fix it? No.

We also use a MAC.
I dont think I am going back to the Gates of Hell.