CYBERSPACE — The Cold War may be over, but word from the virtual front is that the Russians are still coming – at least where infested websites are concerned. The latest weapon in the Russian cyberterrorism arsenal is a recently uncovered vulnerability within the Internet Explorer Web browser, which is being used to surreptitiously install spyware on the computers of unsuspecting visitors. Researchers at Sunbelt Software Inc. were the first to report the latest IE exploitation, which PC World says relies upon a hitch in how the browser handles Vector Markup Language (VML) code used to display Web based graphic information.
According to Eric Sites, vice president of research and development at Sunbelt, “It’s not an operating system-dependent issue,” since the vulnerability exists in all versions of the IE browser running on Windows.
Sites says his company discovered the malicious code lurking on a Russian porn site late Friday. Since then, the code – identified as part of the latest Web Attacker exploit kit — has appeared on at least six similar sites. Sunbelt anticipates the exploit will spread widely, since Web Attacker is associated with almost 1,000 websites. “Since it’s being built into the next version of the Web Attacker kit, we expect that this thing will be everywhere in a few days,” Sites foretells.
Microsoft confirmed on Tuesday that Sunbelt’s findings were valid and indicated that a fix for the VML flaw will appear in its next security patch bundle, scheduled for October 10th “or sooner as warranted,” according to a public relations statement. This is the second flaw found in IE during the past week that’s been left unpatched. A vulnerability discovered last September is still under investigation with no word on when it will be patched.
Sunbelt recommends that users concerned about the VML attack disable their browser’s Javascript ability.
