Hijacker exploits previously unknown MSIE flaw

Discussion in 'other security issues & news' started by the mul, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Hijacker exploits previously unknown MSIE flaw

    A browser hijacker known as ILookup has been caught red-handed exploiting a previously unknown flaw in Microsoft Internet Explorer.

    ILookup installs as a toolbar and browser helper object. Once installed, it will hijack the home page, search page and sidebar search page. It also will create pop-up ads, most of them pornographic.

    A Dutch student and security researcher analyzed the hijacker after receiving an email about it. He posted his findings to Bugtraq after realizing that it was exploiting flaws in Internet Explorer that no one knew about. These flaws enables this hijacker to infect Internet Explorer running on all versions of Windows and regardless of security patches.

    Microsoft is extraordinarily upset about the situation. Stephen Toulouse, security program manager for Microsoft, called the ILookup's use of a security flaw "criminal" and said that Microsoft has contacted the FBI about it.

    I am glad to see Microsoft taking this so seriously. If only we could direct Microsoft's anger at the hundreds of other browser hijackers who also exploit flaws in Internet Explorer. There's an excellent candidate at coolwebsearch.com.


    The Mul



    More: http://www.spywareinfo.net/june15,2004
     
Loading...
Thread Status:
Not open for further replies.