The Register®

Original URL: http://www.theregister.co.uk/2006/03/31/ie_exploit_bbc_bait/

Hackers use BBC story to bait IE exploit

Auntie abused

By John Leyden

Posted in Security, 31st March 2006 10:46 GMT

Hackers are using excerpts from BBC news stories as a lure to trick surfers into visiting a website that exploits a new, unpatched vulnerability [1] in Internet Explorer.

The spam emails contain excerpts from actual BBC news stories and offer a link to "Read More". Surfers who follow this link are taken to a spoof copy of the BBC story hosted on a maliciously constructed site that exploits the unpatched createTextRange vulnerability [2] in an attempt to install key logging software on victim PCs.

This key logger monitors activity on various financial websites and uploads captured information back to the attacker, security firm Websense warns [3].

Surfers are advised to avoid responding to spam messages, no matter how enticing. Disabling Active Scripting in IE or using an alternative browser until Microsoft issues a patch are also advisable. ®