Microsoft sees "huge increase" in IE attacks

 

Gallery

Posted on 15 Dec 2008 at 10:59

Microsoft has warned of a "huge increase" in attacks exploiting a critical vulnerability in Internet Explorer.

The vulnerability stems from a memory corruption error in the handling of DHTML data bindings, and affects all versions of Internet Explorer. Hackers have been exploiting the flaw for a week, but Microsoft says there's been a surge in attacks over the weekend.

"Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability," says researchers Ziv Mador and Tareq Saade on the Malware Protection Center blog.

"That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50% in the number of reports today [Saturday] compared to yesterday."

The researchers claim that hackers are now changing tactics. In the past attacks have come from malicious websites, but now legitimate websites are being modified by hackers to launch the attack, naming a Taiwanese search engine and a Hong Kong-based pornography site.

Figures from Trend Micro suggest around 6,000 sites have been infected to exploit the flaw, with the figure "quickly increasing in number."

Author: Stuart Turton