A flaw in Microsoft’s Internet Explorer 6 has opened the door to potentially widespread Web attacks on users who visit adult sites, according to Web security experts. First discovered on Friday—when malicious code began showing up on several Russian adult websites—the attack is attributed to WebAttacker software, which is exploiting the unpatched security bug to install malicious software on users’ PCs. This is the second security bug discovered in Microsoft’s browser, which last week the company confirmed had a flaw in its ActiveX control.
This latest bug affects IE 6’s processing of VML, which is used to display high-quality vector graphics, and the malware stealthily loads itself onto an unsafe PC after a user clicks on a link or email message that hosts it, according to Sunbelt Software. Even updated versions continue to be at risk, and the attack is affecting all Windows operating systems, says Eric Sites, vice president of research and development at Sunbelt. Web security experts say they believe WebAttacker has been upgraded to include the IE 6 exploit.
After noticing numerous Russian adult sites with the malware, Sunbelt researchers on Monday notified Microsoft, which on Tuesday confirmed the existence of the unpatched flaw. According to CNET, security-monitoring companies Secunia and the French Security Incident Response Team have rated the issue among their highest security concerns.
Adult websites appear ideal for exploiting the IE vulnerability, according to Sunbelt. The heavy traffic provides plenty of opportunity for the malware to infect and spread quickly, the company adds. “Since [the malware] is being built into the next version of the WebAttacker kit, we expect that this thing will be everywhere in a few days,” Sites says.
The number of attacks may rise quickly, according to Websense, an Internet security company. “We have confirmed multiple, previously known WebAttacker sites that are currently exploiting this vulnerability to install malicious software,” Websense representatives state. “We expect to see many of the several thousand WebAttacker sites begin to utilize the exploit, as they update to the latest release of the toolkit.”
Some experts recommend using the Firefox browser until the bug is patched. Microsoft says it plans to issue a patch by Oct. 10—sooner if warranted. “Microsoft is aware that this vulnerability is being actively exploited,” the company states. In the meantime, Microsoft recommends that users keep their security software updated and use caution when browsing the Web. Microsoft also suggests disabling Java on browsers.