IE Exploit Could Soon Be Used By 10,000 plus Sites

The unpatched vulnerability in Microsoft's Internet Explorer that created a stir Tuesday may be exploited by 10,000 or more malicious Web sites if all their owners update to the newest version of the WebAttacker exploit kit, a security researcher said Wednesday.

First reported by Florida-based Sunbelt Software Tuesday, the bug has already been used to compromise PCs and load them with scores of adware and spyware programs, as well as other malicious code. Users surfing with IE 6 and earlier can be infected simply by viewing the wrong site.

The in-the-wild exploit is definitely being served up by WebAttacker, a multi-exploit "kit" created and sold by a Russian group for as little as $20, said Dan Hubbard, head of research at security company Websense. Tuesday's analysis by Hubbard and others, including Eric Sites of Sunbelt, fingered WebAttacker but couldn't prove it. IE Exploit Could Soon Be Used By 10,000-plus Sites - Security Technology News by TechWeb

Linked by shanmuga Wednesday, 20th September 2006 11:39PM