Archive for vulnerability

New spam luring people to sites with Internet Explorer exploits

March 31, 2006 at 12:42 pm · Filed under microsoft, createTextRange, vulnerability

There is currently an unpatched vulnerability in Internet Explorer that can allow a web site to install software on your computer.  This vulnerability can only affect you if you visit a site that is running one of these exploits.  Spam, though, has been found that is acting as lure to have you visit one of these sites.

Websense has a released an alert stating:
“Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to “Read More”. Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail. This website exploits the unpatched createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.”

So if you receive an email about stories found on the BBC’s website, do not visit these links.  Instead discard these emails and instead go to the BBC’s website manually by typing its address in your web browser.  That way at least you know you are going to the correct site rather than a forged one.

Tags: No Tags

Comments


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Malware Removal Guides


© 2003-2008 All Rights Reserved Bleeping Computer LLC.

Featured Microsoft Expert Zone Community