Security Advisor

Still No Fix from Microsoft for Growing Number of IE Exploits

Plus: An eighth of malware attacks come from USB devices, scareware instances are growing.

As of this week, IE has gone unpatched for more than a month.

Under normal circumstances, if an attack were widespread, Redmond would likely have issued an out-of-band patch for a critical exploit. However, due to the Thanksgiving holiday and a lack of urgency to respond to the problem that first surfaced with this security advisory entry, the problem is still out there.

Others in the security field may not agree with Microsoft's current stance.

Security experts say it's important that Microsoft release an IE patch for the last month of the year (or at least fix the previous "remote code execution" issue affecting all versions of the browser).

The need to patch IE cumulatively has credence, as just this week Verizon Business researchers said they had discovered "a previously undisclosed vulnerability," which allows attackers to bypass Protected Mode on both Internet Explorer versions 7 and 8.

That's two outstanding issues regarding multiple versions of IE as the year comes to a close. As Microsoft prepares its advanced bulletin this Thursday, an IE patch might be in order.

Windows AutoRun Targeted
Security shop Avast out of the Czech Republic says that one out of eight malware attacks occurs through a USB device. The group says most attacks are targeting the Windows OS and, more specifically, the AutoRun function as a vector for incursion.

The company reported that of the 700,000 recorded attacks on computers in its own user community during the last week of October, 13.5 percent came via USB devices such as flash drives.

Windows AutoRun alerts computer users when a new device is connected and helps them choose which application should run the new files.

"AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware," said Virus Lab analyst Jan Sirmer. "The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers -- which were also spread via infected memory sticks."

Scareware Framework Prevalent in Pesky Trojan
Scareware is not new, but it's getting more and more common. Scareware is basically malware that comes with fake warnings that scare you into clicking on a function to run a virus scan on your computer, which triggers a malware incursion.

Microsoft recently looked into the evolution of Trojan:Win32/FakeSysdef, which is one such instance of a Trojan bug that hides behind a scareware greeting called "System Defragmenter." Redmond says the main goal is to trick users into buying software that does nothing, but also has them unwittingly surrender credit card information.

The phrase "System Defragmenter," which the nasty exploit hides behind, should be a red flag, as it doesn't even make any real sense; it's almost as if hackers tried to jam in too much technical jargon. Apparently, it's working on some folks.

Microsoft has posted screenshots of the offending scareware here.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

