Microsoft was to release an emergency patch yesterday to fix a perilous software flaw allowing hackers to hijack Internet Explorer (IE) browsers and take over computers.
The US software giant said on Tuesday that in response to “the threat to customers” it immediately mobilized security engineering teams worldwide to deliver a software cure “in the unprecedented time of eight days.”
Researchers at software security firm Trend Micro say attacks based on the vulnerability in the world’s most popular Web browser are “spreading like wildfire” with millions of computers already compromised.
Microsoft typically releases patches for its software on the second on Tuesday of each month and rushing this fix to computer users out-of-cycle is testimony to the severe danger of the threat, according to Trend Micro.
“When the patch is released people should run, not walk, to get it installed,” said Trend Micro advanced threat researcher Paul Ferguson.
“This vulnerability is being actively exploited by cyber-criminals and getting worse every day,” he said.
Trend Micro has identified about 10,000 Web sites that have been infected with malicious software that can be surreptitiously slipped into visitors’ unprotected IE browsers to take advantage of the flaw.
“What makes this so insidious it takes advantage of a big gaping hole of IE, which has the largest install base of any browser on the market,” Ferguson said.
IE is used on nearly three-quarters of the world’s computers, industry statistics from last month showed.
Microsoft’s move came one day after Cisco issued a report saying armies of hijacked computers are flooding the world with spam as hackers devise slicker ways to take over unwitting people’s machines.
Virus-infected computers are woven into “botnets” used to attack more machines and to send specious sales pitches to e-mail addresses in low-cost quests to bilk readers out of cash.
“Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet,” Cisco chief security researcher Patrick Peterson said.
This year, botnets were used to inject an array of legitimate Web sites with an IFrames malicious code that reroutes visitors to Web sites that download computer viruses into their machines, Cisco said.
DISASTER: The Bangladesh Meteorological Department recorded a magnitude 5.7 and tremors reached as far as Kolkata, India, more than 300km away from the epicenter A powerful earthquake struck Bangladesh yesterday outside the crowded capital, Dhaka, killing at least five people and injuring about a hundred, the government said. The magnitude 5.5 quake struck at 10:38am near Narsingdi, Bangladesh, about 33km from Dhaka, the US Geological Survey (USGS) said. The earthquake sparked fear and chaos with many in the Muslim-majority nation of 170 million people at home on their day off. AFP reporters in Dhaka said they saw people weeping in the streets while others appeared shocked. Bangladesh Interim Leader Muhammad Yunus expressed his “deep shock and sorrow over the news of casualties in various districts.” At least five people,
ON THE LAM: The Brazilian Supreme Court said that the former president tried to burn his ankle monitor off as part of an attempt to orchestrate his escape from Brazil Former Brazilian president Jair Bolsonaro — under house arrest while he appeals a conviction for a foiled coup attempt — was taken into custody on Saturday after the Brazilian Supreme Court deemed him a high flight risk. The court said the far-right firebrand — who was sentenced to 27 years in prison over a scheme to stop Brazilian President Luiz Inacio Lula da Silva from taking office after the 2022 elections — had attempted to disable his ankle monitor to flee. Supreme Court judge Alexandre de Moraes said Bolsonaro’s detention was a preventive measure as final appeals play out. In a video made
It is one of the world’s most famous unsolved codes whose answer could sell for a fortune — but two US friends say they have already found the secret hidden by Kryptos. The S-shaped copper sculpture has baffled cryptography enthusiasts since its 1990 installation on the grounds of the CIA headquarters in Virginia, with three of its four messages deciphered so far. Yet K4, the final passage, has kept codebreakers scratching their heads. Sculptor Jim Sanborn, 80, has been so overwhelmed by guesses that he started charging US$50 for each response. Sanborn in August announced he would auction the 97-character solution to K4
SHOW OF FORCE: The US has held nine multilateral drills near Guam in the past four months, which Australia said was important to deter coercion in the region Five Chinese research vessels, including ships used for space and missile tracking and underwater mapping, were active in the northwest Pacific last month, as the US stepped up military exercises, data compiled by a Guam-based group shows. Rapid militarization in the northern Pacific gets insufficient attention, the Pacific Center for Island Security said, adding that it makes island populations a potential target in any great-power conflict. “If you look at the number of US and bilateral and multilateral exercises, there is a lot of activity,” Leland Bettis, the director of the group that seeks to flag regional security risks, said in an
RSS