Browser Security News

E-mailed bait to exploits of the still-unpatched vulnerability in Internet Explorer have been sent, a security company said Monday, escalating the threat facing Windows users. In addition, an earlier zero day bug in IE is now being exploited in the wild, and an unfixed flaw in Windows Media Player is behind a third attack.

San Diego-based Websense said it was starting to see mass-mailed lures, i.e. messages with links to sites hosting a Vector Markup Language (VML) exploit. The sites, noted Websense, are using the WebAttacker "kit" that has been updated to include the VML exploit.

The message cited by Websense drew users to a page posing as a Yahoo Greeting Card. Users’ PCs are compromised as soon as they hit the bogus site, since the VML exploit code is hidden in a 1-by-1-pixel iframe that looks like nothing more than a stray dot on the page. The site downloads and installs an IE Browser Helper Object that directs all HTTP posts to forms — such as a logon form for an online bank — to a third party. The object, naturally, is to collect lucrative financial information like bank or credit card account data. [tag]Internet Explorer[/tag][tag]Media Player[/tag]New IE, Media Player Attacks Begin; E-Mail Lures Users – News by InformationWeek