Alert: Hacked Hong Kong Porn Site Spews IE Attacks
Microsoft is warning of a large increase in the number of attacks aimed at an Internet Explorer vulnerability left unpatched last week. Some of the early attacks originated from a compromised Hong Kong pornserver, but the number of infected legitimate sites is in the thousands and climbing rapidly.
Microsoft is warning of a large increase in the number of attacks aimed at an Internet Explorer vulnerability left unpatched last week. Some of the early attacks originated from a compromised Hong Kong pornserver, but the number of infected legitimate sites is in the thousands and climbing rapidly.The XML attacks that began to be tracked late last week were originally thought to affect only Internet Explorer 7; current feeling is that all versions of Explorer are at risk.
Microsoft's initial warning, released Saturday, noted the compromised Hong Kong porn site, but also commented on the spread of the Trojan-dropping exploit to less prurient sites, including a Taiwanese search engine, later cleaned.
Microsoft estimated that 0.2 percent of the world's computers had been exposed to compromised sites, which number in the thousands.
The IE vulnerability is about as widespread through the browser's versions and iterations as possible. Microsoft's Security Advisory notes that the problem exists on:
"Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable."
The same advisory includes workarounds aimed at minimizing the risk.
Best way to avoid the risk, though, might be to shift to Firefox.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024