When Even Microsoft Says “Don’t Use IE,” Something’s Seriously Amiss
REDMOND, WA — The mob wants you. Well, not you, really, but your identity.
And not just any old mob, either: a group of sophisticated organized cybercriminals who have seeded the Web with malware and now are dragging unsuspecting Internet Explorer users onto malicious websites in order to steal their personal information, including usernames, passwords and financial data.
According to a variety of cybersecurity watchdogs and Microsoft, all versions of IE — including the newest, IE 8 Beta 2 — on all Windows platforms are blessed with an exploitable hole large enough to drive a Mac truck through. The situation is so serious that a number of tech resources are reporting a Microsoft warning that IE isn’t safe right now and won’t be until a fix can be developed.
In other words, surf at your own risk or use another browser. Microsoft said so.
For the time being, at least, most of the problem seems to be centered around Chinese websites and Chinese surfers. Hackers have implanted code on a number of popular Chinese sites and are tricking IE into handing over gamers’ private data that can be sold on the black market.
More than 1,000 websites — including popular Asian porn sites — and as many as 2 million computers have been reported infected. The attacks target the zero-day vulnerability in the XML parsing engine and the MSHTML.DLL library.
“Some legitimate websites were maliciously modified to include the exploits,” Microsoft’s Ziv Mador and Tareq Saade explained at TechNet.com. “For example, a popular search engine in Taiwan was found to be hosting the exploit. Luckily, that site was quickly cleaned. Secondly, we’ve noticed some pornography sites have started hosting these exploits too: We recently found a website in Hong Kong that serves various content, including adult entertainment.
“Based on our stats, since the vulnerability has gone public roughly 0.2 percent of users worldwide may have been exposed to websites containing exploits of this latest vulnerability,” Mador and Saade added. “That percentage may seem low; however, it still means that a significant number of users have been affected. The trend for now is going upwards: We saw an increase of over 50 percent in the number of reports [on December 13th] compared to [December 12th].”
The tech press is understandably grim in its analysis, even while trying to be helpful.
“Even though there is currently no patch for this problem, Microsoft has offered a variety of workarounds,” Brennon Slattery wrote at PCWorld.com. “Most involve disabling or crippling the ‘oledb32.dll’ file. Other methods include setting Internet and local intranet security zones to ‘high’ and configuring Internet Explorer to prompt before running Active Script or to disable Active Script.”
However, no one is certain those temporary fixes will be effective.
“…[W]ith a flaw as gap-toothed as this, the possibilities of nefarious action could include the massive theft of personal information such as administrative computer passwords and financial data,” Slattery wrote. “The easiest way to keep your computer safe is to stop using Internet Explorer.”