Hackers find a hole in Internet Explorer browser

In an alarming development for both Microsoft and the millions who use its Internet Explorer browsers, hackers have found a security hole that allows them to install malicious software on Windows XP computers. Specifically, security researcher Eric Romang of Zataz.com discovered on Sunday that the fresh “zero day” vulnerability allowed cybercrooks to use a form of the old Poison Ivy trojan horse to take control of victims’ machines. The flaw appears to affect Internet Explorer versions 6, 7, 8, and 9, though not the brand-new version 10 (which is only available on Windows 8). It seems the culprits may be related to the bunch who exploited a major flaw in Oracle’s Java browser plug-in last month.

When news of the Java vulnerability broke, security experts’ advice was clear-cut: Disable the Java browser plug-in immediately unless you absolutely need it. The fact that Java applets have grown relatively scarce on the Web, coupled with Oracle’s sluggish response to the problem, made that an easy call for most. (Java has since patched the hole, for what it’s worth.)

So if you’re a Windows XP user, should you now dump Internet Explorer as well? Perhaps, experts say, though the hack shouldn’t be a cause for mass panic. For one thing, Microsoft itself has responded quickly with a security advisory that includes an extensive list of work-arounds. Its apparent sense of urgency suggests that it may offer a prompt update that patches the problem, though it hasn’t done so yet.

Unfortunately for Microsoft, the work-arounds are a bit cumbersome and could affect your browsing experience – potentially more so than just switching to another browser. And while IE loyalists could just try to avoid potentially malicious websites and hope for the best, you never know. “I would recommend not using Internet Explorer until this issue is patched,” Sophos’ Chet Wisniewksi says. “While the exploit is not in widespread use, it could be integrated into popular attack kits like the Blackhole Exploit Kit any time now.”

For those who were already thinking of switching to another browser, such as Google’s super-fast Chrome, Mozilla’s highly customizable Firefox, or Opera, consider this the perfect time. If you don’t like it, you can come back to IE once Microsoft fixes this flaw.

bc-hackers

More in Herald Business Journal

Teddy, an English bulldog, models Zentek Clothing’s heat regulating dog jacket. (Ian Terry / The Herald)
Everett clothing company keeps your dog cool and stylish

Zentek uses space-age fabrics to moderate the temperature of pets and now humans.

Everett engineers learn lessons from Mexico City catastrophe

Structural scientists went to help after the September earthquake there and studied the damage.

Providence said to be in talks for merger with Ascension

The two Catholic health organizations have been exploring joining forces, sources say.

DaVita to sell off medical groups including The Everett Clinic

Another round of health care consolidation means The Everett Clinic could soon get new ownership.

Engine trouble hits Air New Zealand’s 787 Dreamliners

A Rolls-Royce engine was shut down and was afterward found to be seriously damaged.

Washington, Amazon sue company over seller training programs

Braintree is accused of using deceptive ads promising information on how to make money on Amazon.

Bitcoin futures soar amid frenzy over virtual currency

Trading began Sunday, and theprice rose as high as $18,850.

Lockheed-Martin dominates global arms sales, Boeing is 2nd

The combined sales of U.S.-based companies totaled $217 billion.

The Marine Corps’ version of the F-35 Joint Strike Fighter is designed to land vertically like a helicopter. (Lockheed Martin)
F-35 fighter costs, $1 trillion over 60 years, draw scrutiny

Pentagon’s ability to repair F-35 parts at military depots is six years behind schedule.

Most Read