Over the past couple days a very serious security flaw has been discovered with Microsoft’s Internet Explorer Web Browser they are now calling the “Zero Day Exploit” (Read more about it here, here, and here) All versions of the browser are affected including the most current versions 6 & 7. This exploit has the ability to compromise your personal information including credit card, and other personal information.
The attacks are seeking to load malicious software onto vulnerable machines. Microsoft has seen several hundred detections of exploits from around the globe, though the sites taking advantage of the vulnerability appear to be hosted on Chinese domains. The exploit sites that have been reported so far have been dropping a wide variety of malware onto affected machines. The most common type of malware being dropped has been password stealers like Win32/OnLineGames, and Win32/Lolyda. Other things include keylogger programs like Win32/Lmir, Trojan horse applications like Win32/Helpud along with some previously unseen malware which is generically detected as Win32/SystemHijack. We should expect that the variety of malware being dropped by this exploit will broaden as the exploit code starts to circulate around the Internet underground. What this means is that you should be wary while using Internet Explorer to surf the web, even in you predominantly surf trusted sites.
The exploit has made it possible for malicious code to be injected into some sites through a process called SQL Injection. Microsoft announced this afternoon that an emergency patch will be released as soon as it is available instead of users having to wait until next month’s regularly scheduled automatic patch update. In the meantime, Microsoft has given a few tips for users to help prevent them from being affected by the security flaw in their browsers. The company recommends setting the Internet zone security setting to “high” and using access control lists to disable Ole32db.dll to provide the most effective protection against an attack. A better solution for you might be to switch to an alternative browser instead of worrying about having to possibly deal with a potential problem in the future. We at Hall are big fans of open source browsers which are not only free but typically have better security and cool features such as built-in pop-up blocking and plug-ins. Specifically we recommend (for Windows Machines):
Most of these browsers will give you the option to import your Internet Explorer settings, bookmarks, etc. when the browser is first installed and used so you’re transition is painless. Enjoy safer, faster, and more secure browsing!
Note: Microsoft has released the critical update that should fix their Internet Explorer browser’s security issue. This patch can be downloaded by running Windows Update, or by visiting this page and clicking on the link next to the description that best describes your current system setup.