DWT sites: DWT | Tokyo Zakka! Japanese Gadgets! | WeTokyo Friendfinder | Jobs in Japan | Eigo Factory | Snapp! Mobile PR & Marketing NEW!!


Porn sites use new IE bug to install spyware
September 20th, 2006

060920_Sunbelt.jpg

Hackers are taking advantage of a newly discovered vulnerability in Internet Explorer to install spyware on PCs that visit a number of Russian porn sites.

The malware, first reported Monday by researchers at Sunbelt Software, takes advantage of an unpatched flaw in the way IE processes Vector Markup Language (VML) code. VML is a language used to display graphic information on the web.

The attack appears to work on all versions of Windows running the IE 6 browser, said Eric Sites, Sunbelt’s vice president of research and development. “It’s not an operating system-dependent issue,” he said.

Sunbelt first discovered the malware on a Russian porn site late Friday. “This site and a couple of others use an exploit kit called Web Attacker, and it looks like the Web Attacker kit has been upgraded to include this new exploit,” Sites said.

Since Friday, Sunbelt noticed that the attack code has popped up on about a half-dozen Russian porn sites. In addition, since security researchers estimate that Web Attacker is used by nearly 1,000 websites, this latest exploit should soon become more widespread.

Web Attacker is a software development kit sold for as little as US$20 to criminals looking for an easy way to develop malware.

“Since it’s being built into the next version of the Web Attacker kit, we expect that this thing will be everywhere in a few days,” said Sites.

Whether the attacks will be widespread enough for Microsoft to rush to patch the flaw remains to be seen.

On Tuesday, Microsoft confirmed the Sunbelt team’s findings, and said it planned to fix the VML bug in its next set of security patches, scheduled to be released on October 10, “or sooner as warranted,” according to a statement from the company’s public relations agency.

This is the second unpatched flaw found in IE over the past week. On September 14, researchers posted code that could be used to exploit a different vulnerability in a multimedia component of Internet Explorer. Microsoft is still investigating that flaw and is not saying whether it too will be patched next month.

Sunbelt says that users can avoid the VML attack by disabling Javascript on their browsers. More information can be found on the Sunbelt blog.

Robert McMillan

Hire us to write for you, consult on Japan tech and more.
Click here and let us know what you need and maybe follow us on Twitter for all sorts of Japan adventuring.

11:50 AM Mark Hiratsuka • Permalink
Desktop PCs
Tagged with:
Add a comment | More DWT | Get a cool job in Japan! | Follow us on Twitter

Share this story online:

SocialTwist Tell-a-Friend

Or try the world's biggest matchmaking site:


Japanese gadgets from Tokyo Zakka!Perfect gifts for your nerdiest friends back home!


Next entry: Microsoft to add HD DVD to Xbox 360

Previous entry: Microsoft to ease Vista upgrades with one-DVD plan


C'mon - let's hear it...

Spammers beware: Any links in comments to commercial websites will be treated as paid advertising and will be charged at rate of $10 per link per day. Invoices will be sent to the idiots who hire you for so-called SEO jobs. All you good people will always keep it real, of course - thanks!