The day before last, we wrote about new highly critical vulnerability, which affects Microsoft Internet Explorer 6 on fully patched Windows 98, Windows XP and Windows 2003 Server systems. The flaw can be used by malicious people to infect victim computers and execute arbitrary, potentially harmful code. We have also supposed that if the hackers will manage to release an exploit before Microsoft’s fix, the flaw may endanger millions of Internet Explorer users.
Well, this has already happened. Exploits of the new flaw are publicly available. Hackers already began testing and using them – over 100 malicious web sites are hosting exploits that secretly install stealth keyloggers and dangerous backdoors to visitor systems. Most of these parasites are variants of the infamous Sdbot pest, which provides the remote attacker with full unauthorized access to the compromised computer. And that’s not all. About 10 new malicious sites appear every hour dropping different parasites.
According to some security experts, most hackers are still testing the exploits. Some of the exploits do not even work properly. However, tests shouldn’t take a long time. About 5,000 malicious sites may appear over the next few days. The most interesting fact is that new IE exploits can also be found on fully legitimate resources that have been compromised, so it can be quite difficult to determine whether your favorite site is safe, or not.
Microsoft continues to investigate infection reports. It is still unclear, when an Internet Explorer fix will be available.
Currently, the only protection from exploit attacks is completely disabling the Active Scripting support in Internet Explorer. Microsoft provides a security advisory, which explains how to do this. Of course, you can always use an alternative web browser like Mozilla Firefox or Opera. The latter programs are not affected.