Computer users have been warned that several Trojan horses that exploit an unpatched flaw in Internet Explorer have now been discovered.
Two exploits that use the recently disclosed vulnerability were reported by antivirus company Sophos on Friday. Called Clunky-B and Delf-LT, the exploits could allow malicious code to be executed remotely on a user's PC.
These Trojans could "download anything, including a 'banker Trojan' that gives up your bank details", according to a Sophos spokesperson.
Microsoft issued an advisory last week, on "the way Internet Explorer handles mismatched document object model objects". Systems running Microsoft Internet Explorer on Windows XP Service Packs 1 and 2 are vulnerable to attack. Machines running Windows 98, Windows 98 SE, Windows Me and Windows 2000 Service Pack 4 are also vulnerable to the exploits.
Microsoft is not due to issue another round of security patches until 13 December. Some security experts have suggested the company should roll out an unscheduled patch before this time to address this flaw. However, it's not clear whether the flaw will even be addressed in the next Microsoft security bulletin.
"We're working on a fix at the moment. I don't have confirmation that the patch will be available in the next round of updates, but we will include the fix in an upcoming security bulletin," said a Microsoft spokesperson.
The unpatched Internet Explorer vulnerability was first reported in May. The vulnerability was initially thought to only allow a denial-of-service attack, which would cause IE to crash.
Microsoft updated its advisory last week because "remote execution of code through this vulnerability [was found to be] possible. This is new information that's come about," said the spokesperson.
Sophos warned that the Trojans could be downloaded onto a user's computer if they visited a specially crafted Web site, and said it had found such a site. Sophos has refused to name the Web site in question, but it appears the threat to users at the moment is slight.
"It is not a hacked Web site which is in common usage — it is unlikely that someone would visit it unprompted," said Sophos. "We don't see this in our spam traps, so it is unlikely that a wide-ranging spam campaign was used to get people to visit the dodgy site."
Sophos advised users to turn off the Active Scripting facility in Internet Explorer, as a stop-gap measure.
"Until a fix is available from Microsoft, concerned computer users should consider changing the configuration of Internet Explorer to turn off, or prompt before, allowing Active Scripting to run," said the company.
Details of the next Microsoft security bulletin will be available here from 8 December.
Talkback
URGENT
urgent
RE:
Trojans target unpatched IE flaw
Tom Espiner
ZDNet UK
December 05, 2005, 15:05 GMT
your link to CERT is bogus.
the id 88786 is missing a final digit > 1.
887861 is the correct ID.
icaw
Yet another reason to usurp Microsoft's strangle-hold on the browser and desktop.
Until a fix is available from Microsoft, concerned computer users should consider changing the configuration of Internet Explorer to turn off, or prompt before, allowing Active Scripting to run," said the company.
HOW about telling us HOW to do that !!!!
not just talking !! about it, there is a few 100 million people out in the wild that are not IT professionals.
THANKS
For Hank: click on tools, security, custom levels and uncheck the scripting boxes. The VERY BEST thing to do is take MSIE off your desktop and download Firefox
1.5, Opera, or Mozilla 1.7. All of these are faster and safer than MSIE. To get the ultimate experience upgrade your OS to a stable, fast, and secure Linux Distribution like Mandriva, Suse, or Redhat.