BBC Being Used to Exploit IE flaw
The modus operandi is that computer users receive spam e-mails from hackers containing the abstract of a BBC news story. When they click on the link, "Read More," they are directed to a forged copy of BBC's Web site wherein keylogging software designed to capture financial information then attempts to exploit the Microsoft IE vulnerability.
This software is designed such that it monitors activity on various financial Web sites, and transmits the data back to the hacker.
Steve Herrmann, editor, BBC News website, said that in the past they have had people creating spoof pages of their site, but using the BBC site in this way to attack people's online security is a cause for serious concern.
Meanwhile, USA-based Websense Security Labs has issued an alert on its Web site to warn computer users about the latest scam. However the security firm says that using global brands like the BBC to lure people to malicious Web sites is common practice.
The latest alert comes on the heels of Microsoft and other security firms issuing a warning against a critical, unpatched script vulnerability in the IE browser that could allow a hacker to take complete control of an affected Windows PC.
In the meantime users stand advised either to disable a function called "active scripting" in IE that would effectively block any attack; or to use an alternative browser such as Firefox.
Microsoft has said that it is working on a fix for the problem, and is currently scheduled to release an update as part of its monthly bulletin on April 11, 2006.
But security firms like eEye Digital Security and Determina believe that the vulnerability is severe enough, and as such have released their own unofficial fixes for the IE flaw.
Reproduced from an article published by TechTree.com
© TechTree.com
The original article can be viewed here:
http://www.techtree.com/techtree/jsp/article.jsp?article_id=72313&cat_id=58...
Permalink Bookmark Digg this story
