- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Computer hackers have found another way to exploit an unpatched hole in Microsoft's Internet Explorer Web browser, using a specially designed attack Web site to install a Trojan horse program on vulnerable Windows machines.
The Trojan program changes the DNS configuration on the Windows machine so that requests for popular Web search engines like Google and AltaVista bring the Web surfer to a Web site maintained by the hackers instead, according to warnings from leading security companies.
The attacks are just the latest in a string of online scams that rely on an easy-to-exploit flaw in IE known as the "ObjectData" vulnerability. Earlier attacks that relied on the vulnerability include a worm that spreads using American Online's Instant Messenger network.
Microsoft released a patch for the ObjectData vulnerability, MS03-032, in August. However, even machines that applied that patch are vulnerable to the latest attack because of holes in that security patch, according to a bulletin posted by Network Associates.
The Trojan horse program is called Qhosts-1 and rated a "low" threat, Network Associates said. Trojan horse programs do not attempt to find and infect other systems. However, they do give attackers access to a compromised computer, often allowing a remote hacker to control the machine as if he or she were sitting in front of it.
Microsoft issued a statement Thursday saying that it was investigating reports of exploits for a variation on a vulnerability originally patched in Microsoft Security Bulletin MS03-032 and would release a fix for that hole shortly. A company spokesman could not say when the patch update will be released.
The Redmond, Wash., company recommended that customers worried about attacks install the latest Windows updates and change their IE Internet security zone settings to notify the user when suspicious programs are being run.
Qhosts-1 was installed on vulnerable Windows machines using attack code planted in a pop-up ad connected to a Web page set up by the hackers on a free Web hosting site, www.fortunecity.com, Network Associates said. The DNS servers used in the attack resided on systems owned by Houston, Texas, hosting firm Everyone's Internet, according to Richard Smith, an independent computer security consultant in Boston.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment