By Jabulani Leffall
A zero-day flaw in Internet Explorer 7 reported last week has sparked
increased hacker activity, and now the attacks involve most versions of
Microsoft's Internet browser. Still, Microsoft does not plan to issue a
fix for the exploit until sometime next year.
The attack code originated on Chinese servers and initially only
affected IE7, but it emerged that IE5.01, IE6, IE7 and IE8 Beta 2, have
also been exploited.
On Monday, Redmond continued to investigate what it called "huge
increases" in attacks exploiting the "critical" vulnerability in
Internet Explorer. A blog post on Saturday explained that some of the
attacks originated from compromised porn sites.
Microsoft is stressing that avoiding questionable Web destinations may
not be an adequate defense in itself.
"This class of attack, along with other more classical forms of website
intrusion, mean[s] that even trusted sites can end up serving malicious
content, causing you[r computer] to get infected. Other researchers
confirmed that attacks were increasingly coming from compromised Web
sites," the blog said.
Help InfoSecNews.org with a donation!