March 27th, 2006
Websites Using IE Vulnerability Continue to Grow
By Jimmy Daniels
Contributing Writer, RealTechNews
Websense and Sunbelt are reporting that the number of websites using the latest IE vulnerability is over 200, and these are not just hacker sites either. BTW, this is one of those exploits that lets an attacker execute code on your machine when you merely visit a website. Microsoft said in the above link that the attacker would have to persuade someone to visit a site, but it appears that may not be as hard as they hoped it would be.
However, we concur with the good folks over at WebSense — a lot of sites that we examined with this vulnerability are legitimate sites that have been compromised. It’s not just the usual porn and crack sites that some users go to. Source: Sunbelt
And in another posting from Sunbelt, it appears this exploit may be possible through email as well.
Just for the sake of clarity, there is an email attachment vector for this exploit that’s not widely reported. I have not seen any reports of it being used at this time. MS’s bulletin, in the FAQ’s, in “Could this vulnerability be exploited through e-mail?”, says it can be exploited if one “open(s) an attachment that could exploit the vulnerability.” ISS obliquely says attacks may occur by “…simply embedding the required logic in specially crafted HTML emails.”
The full extent of email as an attack vector is not fully known. Best thing you can do is turn off Active Scripting in IE (IE 7 beta preview 2 is not affected by this exploit), as according to SANS, this may be a “global” workaround.
A recent posting from Microsoft may help someone who’s already infected, but it will not keep the exploit from happening.
The MSRC in combination with our internal and external partner teams have been working through the weekend looking at the recent attacks involving the IE vulnerability I mentioned previously. So far we’re still seeing only limited attacks. But our anti-malware team, as always, is on the case and has uploaded removal information for the attacks to date to Windows Live Safety Center. I want to reiterate that the IE team has the update in process right now and if warranted we’ll release that as soon as it’s ready to protect customers (right now our testing plan has it ready in time for the April update release cycle). But if you’re concerned you may be impacted, now you can visit http://safety.live.com to scan your machine and remove current attacks using this vulnerability. Source: MS Security Response Blog
We Say: Let’s be careful out there. Best thing you can do is turn off Active Scripting, use a different browser or use the Microsoft Internet Explorer 7 Beta 2 Preview, which is not affected. Me, I guess I’ll be using Firefox. It’s amazing to me that Microsoft could even think of waiting until the next update Tuesday to deal with this exploit. If the number of websites exploiting this keeps growing, the few of us left without spyware on our machines will certainly grow smaller.

Computerworld Blogs says:
Skype is The Mob? (and vexed hex code)
Welcome to today’s IT Blogwatch, in which Skype is accused of racketeering but eBay doesn’t look bovvered. Not to mention the most convoluted hexadecimal conversion code ever …
March 28th, 2006 at 6:09 am
» eEye Digital Security Fixes IE Vulnerability » Blog Archive Alice Hill’s Real Tech News - Independent Tech says:
[…] Yesterday, I talked about the rise in the number of websites exploiting the latest Internet Explorer vulnerability, and the fact that Microsoft may not patch it until the next Patch Tuesday. Well, eEye Digital Security has issued a workaround for companies who are not able to disable Active Scripting. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation. […]
December 30th, 2006 at 12:58 am