Germany Finds More Malicious Code In Internet Explorer
Technology Articles 9/21/12
By: David Martinez
The German government urged the public on Tuesday to temporarily stop using Microsoft Corp's Internet Explorer following discovery of a yet-to-be repaired bug in the Web browser that the software maker said makes PCs vulnerable hacker attacks.
It issued the warning as a researcher said he found evidence that suggests the hackers who exploited the flaw were seeking to attack defense contractors.
Microsoft said on Monday that attackers can exploit the bug in its Internet Explorer, used on hundreds of millions of computers, to infect the PC of somebody who visits a malicious website and then take control of the victim's computer.
The German government's Federal Office for Information Security, or BSI, said it was aware of targeted attacks and that all that was needed was to lure Web surfers to a website where hackers had planted malicious software that exploited the bug.
"A fast spreading of the code has to be feared," the German government said in its statement.
BSI advised all users of Internet Explorer to use an alternative browser until the manufacturer has released a security update.
Officials with Microsoft did not respond to a request to comment on the move by the German government, although the company downplayed the impact of the flaw in a written statement.
"There have been an extremely limited number of attacks," said company spokeswoman Yunsun Wee. "The vast majority of Internet Explorer users have not been impacted."
The company said it planned to release software to protect PCs from attack within the next few days. Customers must manually install the code by visiting Microsoft's website and clicking on a link.
Microsoft did not say how long it will take to release a full update to Internet Explorer, which will automatically be loaded onto the machines of most customers. Several security researchers have said they expect the update within a week.
The vulnerability in Internet Explorer was identified on Friday after the PC of a security researcher from Luxembourg was infected while analyzing a computer server that was used last year to launch a cyber industrial espionage campaign on at least 48 chemical and defense companies.
The victims of the so-called "Nitro" attacks included Fortune 100 corporations that develop compounds and advanced materials, according to security software maker Symantec Corp, which disclosed them in October 2011.
Network security firm AlienVault said on Tuesday it has discovered three other servers that host malicious websites that exploit the newly found Internet Explorer vulnerability.
Jaime Blasco, manager of AlienVault Labs, said he found evidence suggesting they targeted defense contractors. As an example, he said he found a related virus on a site that provides news on India's defense sector.
"It seems that these guys are behind big targets," he said.
Internet Explorer was the world's second-most widely used browser last month, with about 33 percent market share, according to StatCounter. It was close behind Chrome, which had 34 percent of the market.
Until the new software is available from Microsoft, the company advises customers to use a free security tool, which is known as the Enhanced Mitigation Experience Toolkit, or EMET, to mitigate the risk of attacks. It is available through an advisory on Microsoft's website: http://blogs.technet.com/b/msrc/
The EMET software must be downloaded, installed and then manually configured to protect computers from the newly discovered threat, according to the posting from Microsoft. The company also advised customers to adjust several Windows security settings to thwart potential attackers, but cautioned that doing so might impact the PC's usability.
Some security experts have said it would be too cumbersome for many PC users to implement the measures suggested by Microsoft. Instead they advised Windows users to temporarily switch from Internet Explorer to rival browsers such as Google Inc's Chrome, Mozilla's Firefox or Opera Software ASA's Opera.