IE Under Attack: Microsoft Ponders Emergency Patch

Malicious hackers are using hijacked Web servers and compromised sites to launch a wave of zero-day attacks against an unpatched flaw in Microsoft’s Internet Explorer browser.

The first wave of drive-by downloads was spotted on March 25, and security experts tracking the attack say the threat is growing at a rate of 10 new malicious URLs every hour.

eWEEK has seen a list of more than 20 unique domains and 100 unique URLs hosting the exploits, which are dropping a variant of SDbot, a virulent family of backdoors that give hackers complete ownership of infected computers.

SDbot allows attackers to control victims’ computers remotely by sending specific commands via IRC (Inter Relay Chat) channels. It has been used to seed botnets and plant keystroke loggers for use in identity theft attacks.

The Microsoft Security Response Center has confirmed the attacks but insists they are “limited in scope.”

“Here’s what we know. The attacks are limited in scope for now and are being carried out by malicious Web sites exploiting a vulnerability in the method by which Internet Explorer handles HTML rendering,” said MSRC Program Manager Stephen Toulouse.

“[We’re] working day and night on development of a cumulative security update for Internet Explorer that addresses the vulnerability,” Toulouse said in a blog entry posted at 5:21 a.m. on March 25.

He said the IE patch is “on schedule” to ship as part of next month’s Patch Tuesday, which will take place on April 11, but the company is not ruling out an emergency, out-of-cycle release if the threat escalates.

Read the rest of this eWEEK story: “IE Under Attack: Microsoft Ponders Emergency Patch”