Dubai: Users of popular web browser Internet Explorer (IE) are currently exposed to “limited, targeted attacks” due to a gaping "hole" used by hackers to hijack computers -- possibly for financial gain, Gulf News has learnt.
Internet security experts had warned users and advised them to avoid exposure from such by using a non-Microsoft browser while Microsoft scrambles to fix a security flaw in IE versions 6 through 11.
FireEye Research Labs, a leader in curbing cyber crimes, first identified a “zero-day” exploit used in the attacks on Saturday.
A “zero day” exploit is an attack that takes advantage of a security hole in a browser or application while the developer is still putting together a “patch” to plug that hole.
“The issue is very serious because a lot of people are running Internet Explorer. What will be happen if a PC or laptop is infected is that the hacker will have the same rights on the computer as the administrator,” Amer Chebaro, regional manager for Symantec Gulf and Levant, told Gulf News.
He said an attacker could then install programs that will enable the hacker to view, change, or delete data. He can also create new accounts with full user rights.
Vulnerability
Chebaro explained that a “.DLL” file causes this vulnerability.
What’s uniquely dangerous with this exploit is that even it pokes holes on Explorer versions 6 to 11, though the exploit targets IE9 and higher.
Microsoft earlier said on its website that the vulnerability may corrupt a computer’s memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
An attacker could then host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Another IT security expert warned that malicious code exploits HTML, or hypertext markup language, the lingua-franca of the internet.
“It is known that this vulnerability was used by malicious software in some targeted attacks. It may be used in drive-by exploits, which help in injecting malicious code into HTML code of a web site. After a user gets to this web site, malicious software will be downloaded to his system secretly and automatically,” said Vyacheslav Zakorzhevsky, Head of the vulnerability Research Group at Kaspersky Labs.
In this particular case, he said the drive-by attack will be successful if a user surfs the web with Internet Explorer and Adobe Flash Player plugin.
Microsoft said it is taking appropriate action to protect its customers. This may include issuing a security patch, either through its monthly security update release process or as a one-off update.
Microsoft did not respond to Gulf News queries at the time of publication.
“The best way is to install another popular browser and stick to browsing reputable websites and be wary of clicking on links in unsolicited email,” Chebaro said.
According to FireEye, the vulnerable versions of IE accounted for 26.25 per cent of the browser market in 2013.
Symantec said it had carried out tests that confirmed the vulnerability crashes of Internet Explorer on Windows XP. Worse, since Microsoft XP are completely exposed.
“This will be the first zero-day vulnerability that will not be patched for Windows XP users,” Chebaro said.
While Microsoft said it’s working on a patch, he said it won’t be made available for XP users so the Symantec tool offers a workaround for those users.
Microsoft has stopped support for Windows XP security updates on April 8.
Chebaro said XP users should consider upgrading to Windows 7 or Windows 8.1 version.
“We have created a small script on our website where the user can go and double click it will unregister VGX.DLL and users need to update their anti-virus software,” Chebaro said.
