News

Hackers exploit latest IE zero-day with drive-by attacks

Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites.

Symantec also confirmed that it has spotted in-the-wild attacks exploiting the critical vulnerability in IE6 and IE7 that Microsoft acknowledged recently. The exploit is carried out simply by visiting a Web page hosting the vulnerability. When the browser opens the page, the exploit causes the user's computer to download and execute another piece of malware.

Most of the malware downloaded and installed on the victimized PC consists of backdoors that let hackers install and run even more attack code. Among the malware is a .dll file that's injected into IE to provide additional remote access to the machine.

Exploit code for the unpatched bug in Internet Explorer was published on the Web Wednesday March 10th, a step security pros said earlier would be the precursor to widespread attacks.

Users can upgrade Internet Explorer to IE8, which does not contain the bug and so is immune from attack.