Optimized IE Exploit Speeds Up Infection


A new twist on the existing exploit of Internet Explorer's zero-day vulnerability has slashed the time it takes to compromise a computer, a security company claimed Friday.

According to Sunnyvale, Calif.-based Fortinet, the exploit -- dubbed "JS/CreateTextRange.B" to differentiate it from the original -- takes much less time to execute.

"In this version, the time to wait before the execution of the payload (aka hacker's code and potentially damaging payload) is minimized," said Fortinet's alert.

The change could be significant, since the one exploit now in circulation takes 5 to 10 seconds to execute, said Dan Hubbard, senior director of security and research at Websense. InformationWeek | Internet Explorer Security | Optimized IE Exploit Speeds Up Infection | March 31, 2006

Linked by shanmuga Saturday, 1st April 2006 10:04PM