Winga
20 Sep 2006, 01:03pm
A new zero-day attack (http://software.silicon.com/malware/0,3800003100,39162581,00.htm) affecting IE 6 browsers has been discovered. VeriSign's iDefense have confirmed that numerous dodgy porn websites are already exploiting this flaw.
By merely clicking a link, malicious software can be loaded, unbeknown to the user, onto a vulnerable Windows PC. French Security Incident Response Team and Secunia have given the problem their most serious rating. Evidence has been uncovered that nasty porno sites are using this flaw to install vast amounts of adware on to people’s machines. A Windows component called "vgx.dll" is responsible for the flaw.
Microsoft plans to fix the flaw as part of its monthly patching cycle on 10 October, but this will mean that the problem will persist for even diligent users until that time. The fix will not come anywhere near soon enough, according to Websense, who expect that the number of attacks utilising this flaw will explode.
Source: TechSpot (http://www.techspot.com/news/22930-new-zeroday-attack-concerning-ie-6.html)
By merely clicking a link, malicious software can be loaded, unbeknown to the user, onto a vulnerable Windows PC. French Security Incident Response Team and Secunia have given the problem their most serious rating. Evidence has been uncovered that nasty porno sites are using this flaw to install vast amounts of adware on to people’s machines. A Windows component called "vgx.dll" is responsible for the flaw.
Microsoft plans to fix the flaw as part of its monthly patching cycle on 10 October, but this will mean that the problem will persist for even diligent users until that time. The fix will not come anywhere near soon enough, according to Websense, who expect that the number of attacks utilising this flaw will explode.
Source: TechSpot (http://www.techspot.com/news/22930-new-zeroday-attack-concerning-ie-6.html)