Smut sites use IE exploit to spread spyware | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

How IT Management Can "Green" the Data Center
A Gartner Report
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Gartner Paper: US Data Centers
The Calm Before the Storm
SSL in High-Security Browsers
The Browser Security Revolution
The Perfect (Virtual) Marriage
Deduplication and VMware
Solution Brief: Reduce Energy Costs
With Green IT Solutions

The Register » Security » Spyware »

Smut sites use IE exploit to spread spyware

Drive-by downloads

By John Leyden → More by this author

Published Thursday 21st September 2006 11:44 GMT

How IT Management Can "Green" the Data Center - Free Download

Hackers are taking advantage of a new, unpatched Internet Explorer vulnerability to infect users visiting pornographic websites.

There's a number of unpatched (or so called 0-day) flaws around at the moment, but this one takes advantage of a flaw within the Vector Markup Language (VML) component of IE.

VML is an XML file that allows vector drawings to be delivered to surfers. The security bug is unrelated to a (still unpatched) flaw in Microsoft's Direct Animation Path (daxctle.ocx) ActiveX control discovered last week.

Security researchers at Sunbelt Software report the latest exploit is being used to install spyware on vulnerable systems visiting hostile sites.

To avoid such drive-by downloads, users are advised to avoid visiting pr0n sites. In the circumstances, use of an alternative browser such as Firefox or Opera is also to be advised.

A full write-up of the problem can by found in an advisory be the SANs Institute's Internet Storm Centre here. ®

Save money taking your comms online - Free live event - Register now

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Security flap over support ActiveX controls bug (27 February 2007)
Dutch botnet duo sentenced (1 February 2007)
Attackers end-run around IE security (8 November 2006)
Web viruses drop off despite IE exploit flap (18 October 2006)
Infection-by-cache risk unearthed (12 October 2006)
Firefox JavaScript risk downplayed (3 October 2006)
MS releases emergency IE fix (27 September 2006)
MS mulls emergency IE fix (26 September 2006)
Hackers target home users for cash (25 September 2006)
Unofficial IE patch saves humanity (25 September 2006)
Warnings grow over unpatched IE flaw (18 September 2006)
Patch Tuesday omits critical Word fix (14 September 2006)
Trojan targets 0-day Word vuln (5 September 2006)
Unpatched enterprise security bugs proliferate (24 August 2006)
Microsoft flaw fix opens users to attack (24 August 2006)
ActiveX security faces storm before calm (2 August 2006)
MS announces plans to deliver IE7 as security update (27 July 2006)
Flaw finders lay siege to Microsoft Office (22 July 2006)
Browser crashers warm to data fuzzing (13 April 2006)
Patches released for zero-day IE threat (29 March 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

How IT Management Can "Green" the Data Center

This Gartner research provides managers with an outline of the trends affecting datacenters and offers strategies with which to address these changes..

whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..

Whitepapers
Enabling the Data Center Metamorphosis How To Protect Against Threats Reducing the complexity and cost of the print environment Why Green Security Makes Good Business Sense

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search