Widespread Attacks Exploit Newly-Patched IE Bug

Posted by Soulskill on Saturday January 23, 2010 @03:01AM from the of-fish-and-barrels dept.

itwbennett writes "The first widespread attack to leverage the Internet Explorer flaw that Microsoft patched in an emergency update Thursday morning has surfaced. By midday Thursday Symantec had spotted hundreds of Web sites that hosted the attack code. The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec. Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a US-based, free e-mail service that Symantec declined to name." Relatedly, reader N!NJA was among several to point out that Microsoft has apparently been aware of this flaw since September.

1 of 141 comments (clear)

Min score:

Reason:

Sort:

This clearly needs 10 more stories by abigsmurf · 2010-01-23 03:18 · Score: 1, Flamebait

This has been covered ad nauseum here. Do we really need an update every 10 hours? A bug was exploited, it is now patched. Anyone who falls victim to it now deserves to do.

No doubt there'll be more stories about this. Was the patch larger than it needed to be? Does the patch break applications (it already breaks ones that exploited! It must break more!). Is Microsoft's failure to patch speedily yet another indication that Obama's administration is failing to meet its promises?

Stay tuned as Slashdot milks this story for another week!