Microsoft has issued an Internet Explorer update to ward off Scob and other worm and hack attacks, over a week after Scob exploited security breaches to siphon IE users’ passwords and account information from financial institutions’ Websites. The update closes a Windows function rather than fixing the function’s flaw, with Microsoft saying they were working on a patch to fix the flaw.
The Scob bug and other concerns prompted the Computer Emergency Response Team (CERT) of the U.S. Department of Homeland Security to urge Netizens to switch to other Internet browers away from IE last week, perhaps the first time a federal government agency had ever encouraged people not to use a particular Internet browser.
The new IE update disables the Adodb.stream function, said to be part of the ActiveX IE technology which allows Websites to put files onto user hard drives, according to Microsoft security chief Stephen Toulouse, who said corporate users could lose some capabilities because of the temporary fix. But Toulouse told reporters consumers visiting Websites should experience little impact.
Scob was a bug that dropped a Trojan horse into users’ computers when they visited certain Websites into which malicious code had been implanted. The comparatively quick reporting of the bug and response to the perceived threat – including tracking it to a Russian-based server and site which were closed down within a day or two of the bug’s emergence – probably helped keep the actual damage to a very low level, according to several Internet security companies.
Symantec, which makes Norton AntiVirus, has estimated as of July 4 that Scob’s distribution was a low-to-medium range with low damage results, though hard figures were not available.
